AT&T’s “Transparency” Report: Polite Requests Versus Demands

/5 Comments/in /by

Screen Shot 2014-02-18 at 1.40.24 PMI want to make two more points about AT&T’s “Transparency” Report which, as I mentioned earlier, shows how deceitful “transparency” reports can be.

First, compare the number of subpoenas AT&T shows, total, compared to the rough numbers provided for requests to AT&T under Hemisphere for the prior year.

In 2012, 3 cities — Atlanta, Houston, and  Los Angeles — submitted a total of 2,770 requests to Hemisphere. In 2012 to 2013 (see the following slide), 7 HIDTAs plus two parts of the Southwest Border HIDTA submitted 838 requests to Hemisphere. While I suspect other HIDTAs also have access to Hemisphere, those numbers are still just a tiny fraction of the total subpoenas AT&T got the following year — using the larger number, just slightly more than 1% of the 223,659 criminal subpoenas AT&T received in 2013.

Even assuming the number is 3 times that across all DEA requests, that seems like a miniscule number, probably even a miniscule number of the requests submitted in drug investigations.

We are to believe, then, that AT&T keeps up this database just to feed as what might be less than 4% of its total requests?

Which is one reason I suspect Hemisphere is also serving other purposes.

And that, of course actually assumes (I’m in a generous mood) that AT&T receives a subpoena for all its Hemisphere requests, in spite of references in the Hemisphere presentation to emails and despite the past history of AT&T (or another telecom) providing phone records in response to requests on Post-It notes.

Which makes me really wonder, given another little detail in AT&T’s “Transparency” Report, whether AT&T responds to as data requests, rather than formal demands.

Here are the categories for the data requests it gets:

  • National Security Demands
  • Total U.S. Criminal & Civil Litigation Demands
  • Location Demands
  • Emergency Requests
  • International Demands [my emphasis]

Remarkably, AT&T has just 22 International Demands, counting both law enforcement and URL blocking. Verizon, by contrast, got 2,396 law enforcement demands and 1,663 block requests, though some of that may reflect Vodapone exposure and it also implies there were other requests that it funneled through MLAT processing.

I raise this because, in his paper on the dragnet, David Kris repeatedly suggested the NSA gets some bulk metadata via voluntary production of foreign data.

Alternative methods of collection would include non-bulk FISA orders, or what prior NSA Directors in the past have referred to as “vacuum cleaner” surveillance outside the ambit of FISA, under Executive Order 12333 and its subordinate procedures, such as DOD 5240-1.R, and perhaps voluntary production if not otherwise prohibited by law. See NSA End-to-End Review at 15; August 2013 FISC Order at 10 n.10 (“The Court understands that NSA receives certain call detail records pursuant to other authority, in addition to the call detail records produced in response to this Court’s Orders.”); cf. 18 U.S.C. § 2511(2)(f) otherwise applicable Federal law involving a foreign electronic communications system, utilizing a means other than electronic surveillance as defined in section 101 of the Foreign Intelligence Surveillance Act of 1978”).(“Nothing contained in this chapter or chapter 121 or 206 of this title, or section 705 of the Communications Act of 1934, shall be deemed to affect the acquisition by the United States Government of foreign intelligence information from international or foreign communications, or foreign intelligence activities conducted in accordance with otherwise applicable Federal law involving a foreign electronic communications system, utilizing a means other than electronic surveillance as defined in section 101 of the Foreign Intelligence Surveillance Act of 1978”).

If AT&T is voluntarily providing data in response to requests, without insisting on getting a demand, it might explain some of the numbers (not to mention its far greater skew towards subpoenas rather than warrants, as compared to Verizon — though this “demand” “request” language necessarily appears at Verizon, too).

Don’t get me wrong: if AT&T wants to just give out customer information in response to data requests without asking for a demand, I’ll just assume it’s being polite to those in authority. But if it is, those requests should be in its transparency report too.

Share this entry

Would We Have Accepted the Dragnet if NSA Had to Admit It Could Have Prevented 9/11?

/8 Comments/in /by

Screen shot 2014-02-18 at 10.16.30 AMI’m going to return to Glenn Greenwald’s latest showing details of how the NSA treated WikiLeaks and, to a lesser degree, Anonymous (as well as Alexa O’Brien’s update on the investigation into WikiLeaks) later.

If GCHQ does this kind of tracking, how did Five Eyes miss the Tsarnaev brothers?

But for now I want to look at one slide covering GCHQ’s AntiCrisis monitoring approach (see slide 34), which in this case is focused on WikiLeaks. It shows how GCHQ has the ability — and had it in 2012 — to monitor particular websites. It shows GCHQ can monitor the visitors of a particular website, where they’re coming from, what kind of browsers they use. None of that is, in the least surprising. But given those capabilities, it would be shocking if GCHQ weren’t doing similar monitoring of AQAP’s online magazine Inspire, with the added benefit that certain text strings in each Inspire magazine would make it very easy to track copies of it as it was downloaded, even domestically via upstream collection. And for the UK, this isn’t even controversial; even possessing Inspire in the UK can get you imprisoned.

Given that that’s the case, why didn’t GCHQ and NSA find the Tsarnaev brothers who — the FBI has claimed but provided no proof — learned to make a bomb from the Inspire release that GCHQ or NSA hacked? Why isn’t NSA reviewing why it didn’t find the brothers based on cross-referencing likely NSA tracking of Inspire with its FBI reporting on Tamerlan Tsarnaev?

I used to not believe NSA should have found the Tsarneavs. But now that I’ve seen all the nifty tools we’ve learned NSA and, especially, GCHQ have, they really do owe us an explanation for why they didn’t find the Tsarnaev brothers, one of whom was already in an FBI database, and who was allegedly learning to make a pressure cooker bomb from a document that surely gets tracked by the NSA and its partners.

Speaking of NSA failures…

Which brings me back to James Clapper’s interview with Eli Lake.

Clapper said the problems facing the U.S. intelligence community over its collection of phone records could have been avoided. “I probably shouldn’t say this, but I will. Had we been transparent about this from the outset right after 9/11—which is the genesis of the 215 program—and said both to the American people and to their elected representatives, we need to cover this gap, we need to make sure this never happens to us again, so here is what we are going to set up, here is how it’s going to work, and why we have to do it, and here are the safeguards… We wouldn’t have had the problem we had,” Clapper said.

“What did us in here, what worked against us was this shocking revelation,” he said, referring to the first disclosures from Snowden. If the program had been publicly introduced in the wake of the 9/11 attacks, most Americans would probably have supported it. “I don’t think it would be of any greater concern to most Americans than fingerprints

Now, I’ll have to review the latest declarations in Jewel, but I think Clapper’s statement — that the genesis of today’s phone dragnet dates to 9/11 —  goes slightly beyond what has been admitted, because it ties today’s phone dragnet program back to the PSP phone dragnet program. Ron Wyden has tried to make the tie between the illegal program and the current one clear for months. Clapper has now inched closer to doing so.

But I also want to take issue with Clapper’s claim that if NSA had presented a “gap” to Members of Congress and the public after 9/11 we would have loved the dragnet.

Had we known of the errors and territorialism that permitted 9/11, would we have agreed to any of this?

I do so, in part, because the claim there was a “gap” is erroneous and has been proven to be erroneous over and over. Moreover, that myth dates not to the days after 9/11, but to misrepresentations about the content of the 9/11 Commission report 3 years later. Note, too, that (as has happened with Inspector Generals reviews of the Boston Marathon attack) the Commission got almost no visibility into what NSA had against al Qaeda.

More importantly, had NSA gone to the public with claims about gaps it did and didn’t have before 9/11, we would likely have talked not about providing NSA more authority to collect dragnets, but instead, about the responsibility of those who sat on intelligence that might have prevented 9/11.

As Thomas Drake and the other NSA whistleblowers have made clear, the NSA had not shared intelligence reports that might have helped prevent 9/11.

I found the pre- and post-9/11 intelligence from NSA monitoring of some of the hijackers as they planned the attacks of 9/11 had not been shared outside NSA. Read more

Share this entry

AT&T: Anti-Transparency and Trickery

/4 Comments/in /by

I noted last month that Verizon released its transparency report before the Tech Company transparency deal, which gave it a way to avoid revealing this embarrassing detail:

Had Verizon released a transparency report yesterday, it would have added at least the following two details:

Non-Content FISA orders:

4 orders affecting 107,700,000 customers

Content FISA orders:

? orders affecting ? selectors (probably measuring the number of search terms — maybe something like “250″ — Verizon searches for off its upstream collection affecting millions of people)

It would have painted a very different picture.

AT&T wasn’t as smart as Verizon, only now releasing its so-called transparency report. (h/t Kash Hill)

Here’s how it communicated to its customers that it provides all their call records and sucks up Internet data off its switches using search terms.

Screen shot 2014-02-18 at 9.26.06 AM

 

You see, it’s supposed to reveal all of its FISA Court orders, not just the orders it gets under the Foreign Intelligence Surveillance Act, which is a different thing. While the number of non-content orders might still be quite small: just 4 orders, presumably, plus some exotic ones thrown in. The number of customer accounts affected would be “all.”

Moreover, in the content section, AT&T is supposed to describe “customer selectors.” This is different than accounts, because, in AT&T’s case, it also includes the number of search terms is sucks right off the circuits (which affects millions of accounts).

Congratulations, AT&T, you have demonstrated definitively these transparency guidelines are not about transparency at all.

Share this entry

Obviously Bogus Clapper Exoneration Attempt 5.0 Doesn’t Exactly Line Up with OBCEA 4.0

/9 Comments/in , /by

Office of Director of National Intelligence General Counsel Robert Litt, 45 days ago:

Senator Ron Wyden asked about collection of information on Americans during a lengthy and wide-ranging hearing on an entirely different subject. While his staff provided the question the day before, Mr. Clapper had not seen it. As a result, as Mr. Clapper has explained, he was surprised by the question and focused his mind on the collection of the content of Americans’ communications. In that context, his answer was and is accurate.

When we pointed out Mr. Clapper’s mistake to him, he was surprised and distressed. I spoke with a staffer for Senator Wyden several days later and told him that although Mr. Clapper recognized that his testimony was inaccurate, it could not be corrected publicly because the program involved was classified.

This incident shows the difficulty of discussing classified information in an unclassified setting and the danger of inferring a person’s state of mind from extemporaneous answers given under pressure.

Director of National Intelligence James Clapper, today:

But Clapper told The Daily Beast that he simply misunderstood Wyden’s question. At the time of the hearing last March, Congress had just finished consideration of a bill to renew the Foreign Intelligence Surveillance Act (FISA). Section 702 of that legislation gives the National Security Agency the authority to collect the electronic communications of non-U.S. persons. In his question, Wyden asked initially if the United States had collected “dossiers” on American citizens and referred to an answer to this question by then NSA director, Keith Alexander.

“I was not even thinking of what he was asking about, which is of course we now all know as section 215 of the Patriot Act governing the acquisition and storage of telephony business records metadata,” Clapper said. “Wasn’t even thinking of that.” The director of national intelligence said he thought Wyden’s question was actually about section 702 of FISA.

“The allegation about my lying and committing perjury I think are disproven by my labored amplification when I said, ‘if there is, it’s inadvertent collection,’ meaning when we’re collecting overseas under section 702, and if we inadvertently collect which we may not know at the time, U.S. persons data, that’s what I meant by inadvertent. That comment would make absolutely no sense whatsoever in the context of section 215.”

At the time of the Mitchell interview, the U.S. government was still in the process of declassifying elements of the FISA 702 program. “There is only one person on the planet who actually knows what I was thinking,” Clapper said of his testimony from last March. “Not the media, and not certain members of Congress, only I know what I was thinking.”

If only one person knows what he was thinking, then how was Robert Litt in any position to tell us Clapper was “surprised”?

And has Clapper decided he wasn’t “surprised” (perhaps because he had been briefed, not to mention had received months and months of letters, about the question), but instead simply “misunderstood” the intent of a question he had received months of letters about?

Share this entry

SPCMA: The Other NSA Dragnet Sucking In Americans

/8 Comments/in , , /by

Screen Shot 2014-02-16 at 10.42.09 PMIn December, I wrote a post noting that NSA personnel performing analysis on PATRIOT-authorized metadata (both phone or Internet) can choose to contact chain on just that US-collected data, or — in what’s call a “federated query” — on foreign collected data, collected under Executive Order 12333, as well. It also appears (though I’m less certain of this) that analysts can do contact chains that mix phone and Internet data, which presumably is made easier by the rise of smart phones.

Section 215 is just a small part of the dragnet

This is one reason I keep complaining that journalists reporting the claim that NSA only collects 20-30% of US phone data need to specify they’re talking about just Section 215 collection. Because we know, in part because Richard Clarke said this explicitly at a Senate Judiciary Committee hearing last month, that Section “215 produces a small percentage of the overall data that’s collected.” At the very least, the EO 12333 data will include the domestic end of any foreign-to-domestic calls it collects, whether made via land line or cell. And that doesn’t account for any metadata acquired from GCHQ, which might include far more US person data.

The Section 215 phone dragnet is just a small part of a larger largely-integrated global dragnet, and even the records of US person calls and emails in that dragnet may derive from multiple different authorities, in addition to the PATRIOT Act ones.

SPCMA provided NSA a second way to contact chain on US person identifiers

With that background, I want to look at one part of that dragnet: “SPCMA,” which stands for “Special Procedures Governing Communications Metadata Analysis,” and which (the screen capture above shows) is one way to access the dragnet of US-collected (“1st person”) data. SPCMA provides a way for NSA to include US person data in its analysis of foreign-collected intelligence.

According to what is currently in the public record, SPCMA dates to Ken Wainstein and Steven Bradbury’s efforts in 2007 to end some limits on NSA’s non-PATRIOT authority metadata analysis involving US persons. (They don’t call it SPCMA, but the name of their special procedures match the name used in later years; the word, “governing,” is for some reason not included in the acronym)

Wainstein and Bradbury were effectively adding a second way to contact chain on US person data.

They were proposing this change 3 years after Collen Kollar-Kotelly permitted the collection and analysis of domestic Internet metadata and 1 year after Malcolm Howard permitted the collection and analysis of domestic phone metadata under PATRIOT authorities, both with some restrictions, By that point, the NSA’s FISC-authorized Internet metadata program had already violated — indeed, was still in violation — of Kollar-Kotelly’s category restrictions on Internet metadata collection; in fact, the program never came into compliance until it was restarted in 2010.

By treating data as already-collected, SPCMA got around legal problems with Internet metadata

Against that background, Wainstein and Bradbury requested newly confirmed Attorney General Michael Mukasey to approve a change in how NSA treated metadata collected under a range of other authorities (Defense Secretary Bob Gates had already approved the change). They argued the change would serve to make available foreign intelligence information that had been unavailable because of what they described as an “over-identification” of US persons in the data set.

NSA’s present practice is to “stop” when a chain hits a telephone number or address believed to be used by a United States person. NSA believes that it is over-identifying numbers and addresses that belong to United States persons and that modifying its practice to chain through all telephone numbers and addresses, including those reasonably believed to be used by a United States person, will yield valuable foreign intelligence information primarily concerning non-United States persons outside the United States. It is not clear, however, whether NSA’s current procedures permit chaining through a United States telephone number, IP address or e-mail address.

They also argued making the change would pave the way for sharing more metadata analysis with CIA and other parts of DOD.

The proposal appears to have aimed to do two things. First, to permit the same kind of contact chaining — including US person data — authorized under the phone and Internet dragnets, but using data collected under other authorities (in 2007, Wainstein and Bradbury said some of the data would be collected under traditional FISA). But also to do so without the dissemination restrictions imposed by FISC on those PATRIOT-authorized dragnets.

In addition (whether this was one of the goals or not), SPCMA defined metadata in a way that almost certainly permitted contact chaining on metadata not permitted under Kollar-Kotelly’s order.

“Metadata” also means (1) information about the Internet-protocol (IP) address of the computer from which an e-mail or other electronic communication was sent and, depending on the circumstances, the IP address of routers and servers on the Internet that have handled the communication during transmission; (2) the exchange of an IP address and e-mail address that occurs when a user logs into a web-based e-mail service; and (3) for certain logins to web-based e-mail accounts, inbox metadata that is transmitted to the user upon accessing the account.

Some of this information — such as the web-based email exchange — almost certainly would have been excluded from Kollar-Kotelly’s permitted categories because it would constitute content, not metadata, to the telecoms collecting it under PATRIOT Authorities.

Wainstein and Bradbury appear to have gotten around that legal problem — which was almost certainly the legal problem behind the 2004 hospital confrontation — by just assuming the data was already collected, giving it a sort of legal virgin birth.

Doing so allowed them to distinguish this data from Pen Register data (ironically, precisely the authority Kollar-Kotelly relied on to authorize PATRIOT-authorized Internet metadata collection) because it was no longer in motion.

First, for the purpose of these provisions, “pen register” is defined as “a device or process which records or decodes dialing, routing, addressing or signaling information.” 18 U.S.C. § 3127(3); 50 U.S.C. § 1841 (2). When NSA will conduct the analysis it proposes, however, the dialing and other information will have been already recorded and decoded. Second, a “trap and trace device” is defined as “a device or process which captures the incoming electronic or other impulses which identify the originating number or other dialing, routing, addressing and signaling information.” 18 U.S.C. § 3127(4); 50 U.S.C. § 1841(2). Again, those impulses will already have been captured at the point that NSA conducts chaining. Thus, NSA’s communications metadata analysis falls outside the coverage of these provisions.

And it allowed them to distinguish it from “electronic surveillance.”

The fourth definition of electronic surveillance involves “the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire communication …. ” 50 U.S.C. § 1802(f)(2). “Wire communication” is, in turn, defined as “any communication while it is being carried by a wire, cable, or other like com1ection furnished or operated by any person engaged as a common carrier …. ” !d. § 1801 (1). The data that the NSA wishes to analyze already resides in its databases. The proposed analysis thus does not involve the acquisition of a communication “while it is being carried” by a connection furnished or operated by a common carrier.

This legal argument, it seems, provided them a way to carve out metadata analysis under DOD’s secret rules on electronic surveillance, distinguishing the treatment of this data from “interception” and “selection.”

For purposes of Procedure 5 of DoD Regulation 5240.1-R and the Classified Annex thereto, contact chaining and other metadata analysis don’t qualify as the “interception” or “selection” of communications, nor do they qualify as “us[ing] a selection term,” including using a selection term “intended to intercept a communication on the basis of … [some] aspect of the content of the communication.”

This approach reversed an earlier interpretation made by then Counsel of DOJ’s Office of Intelligence and Policy Review James A Baker.

Baker may play an interesting role in the timing of SPCMA. He had just left in 2007 when Bradbury and Wainstein proposed the change. After a stint in academics, Baker served as Verizon’s Assistant General Counsel for National Security (!) until 2009, when he returned to DOJ as an Associate Deputy Attorney General. Baker, incidentally, got named FBI General Counsel last month.

NSA implemented SPCMA as a pilot in 2009 and more broadly in 2011

It wasn’t until 2009, amid NSA’s long investigation into NSA’s phone and Internet dragnet violations that NSA first started rolling out this new contact chaining approach. I’ve noted that the rollout of this new contact-chaining approach occurred in that time frame.

Comparing the name …

SIGINT Management Directive 424 (“SIGINT Development-Communications Metadata Analysis”) provides guidance on the NSA/ CSS implementation of the “Department of Defense Supplemental Procedures Governing Communications Metadata Analysis” (SPCMA), as approved by the U.S. Attorney General and the Secretary of Defense. [my emphasis]

And the description of the change …

Specifically, these new procedures permit contact chaining, and other analysis, from and through any selector, irrespective of nationality or location, in order to follow or discover valid foreign intelligence targets. (Formerly analysts were required to determine whether or not selectors were associated with US communicants.) [emphasis origina]

,,, Make it clear it is the same program.

NSA appears to have made a few changes in the interim. Read more

Share this entry

The NSA May Not “Target” Lawyers, But It Does “Spy” on Them

/18 Comments/in /by

Congratulations to Ben Wittes who, with this post, demonstrates how the NSA can “spy” on Americans without “targeting” them.

His piece consists of several steps. First, Wittes goes to great effort to show that Laura Poitras and James Risen have not shown that the American law firm representing the Indonesian government, Mayer Brown, was “targeted” (though he seems to think that means they weren’t spied on).

For starters, it is important to emphasize that the Times story does not involve NSA spying. It doesn’t involve any remotely-plausible suggestion of illegality. It doesn’t involve any targeting of Americans. And it doesn’t involve any targeting of lawyers either.

The facts the story reports are these:

  • The surveillance in question was conducted by the Australian Signals Directorate (ASD), not NSA.
  • The surveillance targeted Indonesian government officials engaged in trade talks with the United States.
  • The surveillance apparently took place overseas. (There is no suggestion in the story that the surveillance took place inside the United States.)

In other words, a foreign intelligence service was conducting surveillance against another foreign government, which was in communication with a U.S. law firm. [my emphasis]

This is a flimsy use of NSA’s own euphemism, “targeting,” given that NYT never uses the word in the context of the law firm (they do use it to discuss the law and make it clear ASD discovered they were spying on an American who was working for the USG). The verbs they use include “entangled,” “caught up,” “monitored,” “ensnared,” and “compromised.” All verbs that describe what happens when someone talks to a targeted entity.

From there, Wittes takes a hypothetical quote offered by the NSA spokesperson, explaining that NSA sometimes does ask Five Eyes partners to take special precautions, to suggest the NSA did ask Australia’s ASD to protect the US lawyers involved.

An N.S.A. spokeswoman said the agency’s Office of the General Counsel was consulted when issues of potential attorney-client privilege arose and could recommend steps to protect such information.

“Such steps could include requesting that collection or reporting by a foreign partner be limited, that intelligence reports be written so as to limit the inclusion of privileged material and to exclude U.S. identities, and that dissemination of such reports be limited and subject to appropriate warnings or restrictions on their use,” said Vanee M. Vines, the spokeswoman.

But doesn’t quote the bit that makes it clear NSA would not — and was not — commenting on this case.

The N.S.A. declined to answer questions about the reported surveillance, including whether information involving the American law firm was shared with United States trade officials or negotiators.

Then Wittes shows the ambiguity about what happened when the ASD told the US an American law firm had gotten caught in its surveillance, quoting from the text.

Here’s the direct quote from the document in question.

(TS//SI//REL) SUSLOC Facilitates Sensitive DSD Reporting on Trade Talks: According to SIGINT information obtained by DSD, the Indonesian Government has employed a US law firm to represent its interests in trade talks with the US. On DSD’s behalf, SUSLOC sought NSA OGC guidance regarding continued reporting on the Indonesian government communications, taking into account that information covered by attorney-client privilege may be included. OGC provided clear guidance and DSD has been able to continue to cover the talks, providing highly useful intelligence for interested US customers.

Now, I agree this passage is not crystal clear (though it is less ambiguous than the text itself). What is clear is DSD (the name of which has subsequently been changed to ASD) continued spying on the Indonesian government — and sharing that spying with US “customers” — after SUSLOC consulted (on its behalf) with NSA’s lawyers.

Read more

Share this entry

Former Professional Journalist Suggests NYT Shouldn’t Pay Its Journalists

/14 Comments/in , /by

I’m working on a more substantive response to this Ben Wittes post claiming that the NYT’s latest Snowden story doesn’t mean the NSA spies on lawyers.

But I wanted to note how it begins.

Unless the public is really tiring of matters Snowden, the New York Times’s latest is going to stir up the hornet’s nest. “Spying by N.S.A. Ally Entangled U.S. Law Firm,” blares the headline of the story by reporter James Risen and freelancer Laura Poitras—from whom the Times (which insists it never pays for information) sometimes procures Snowden-leaked documents and to whom it gives a byline when it does so. [my emphasis]

The apparent subtext here is that the NYT is paying Laura Poitras not to do journalism on a story she has covered in depth for the last 8 months, but instead for access to documents in her possession (or to use Mike Rogers’ formulation, Poitras is fencing stolen property).

The comment is odd not just because Wittes has not (as far as I know) complained that the NYT also got (or may have in this case — I frankly don’t claim to know these arrangements) Snowden documents directly from the Guardian in a necessary attempt to bypass the UK’s crackdown on press freedom.

Odder still, according to Wittes’ Brookings bio, he worked as a professional journalist for at least a decade, both as a WaPo staffer and as an independent contributor.

Between 1997 and 2006, he served as an editorial writer for The Washington Post specializing in legal affairs. Before joining the editorial page staff of The Washington Post, Wittes covered the Justice Department and federal regulatory agencies as a reporter and news editor at Legal Times. His writing has also appeared in a wide range of journals and magazines including The Atlantic, Slate, The New Republic, The Wilson Quarterly, The Weekly Standard, Policy Review, and First Things.

Therefore I assume he is familiar with the tradition in journalism that when someone reports — even (especially) for a major newspaper as a freelancer — one gets paid.

Except he seems to want to make an exception just in this one case so as to insinuate certain things about Poitras’ reporting.

I do hope all of Wittes’ reporter friends remind him that their profession is still … a profession, and that equating professional journalism with crime sort of puts a damper on the whole freedom of the press thing, not to mention their claim that they should be compensated for their labor.

Disclosure: Obviously, with my affiliation with First Look Media, I do have a tie with Poitras (though not with this story). As an EW post, however, this post has no tie to First Look, and I have talked to neither Poitras nor anyone else at First Look before writing it.

Update: Wittes explains himself at length here (though the *@^$&*# hackers have brought Lawfare down again). It seems Wittes is nostalgic for the time when newspapers and the government had such a cozy relationship the NYT could lie us into catastrophic war in the service of the government.

I confess that I’m troubled by the power dynamics at work—for reasons that I’m sure will not endear me to my Twitter critics: I believe in institutional media. I believe in editors. And while I also deeply believe in the proliferation of voices that new media has enabled, I don’t like it that Greenwald, Gellman, and Poitras have such enormous leverage against big media organizations which I expect to make responsible publishing decisions. Put simply, I am uncomfortable with the unaccountable power that this arrangement gives people like Poitras over organizations like the New York Times.

Share this entry

Keith Alexander Refutes Claims NSA Doesn’t Get Cell Data

/1 Comment/in , , /by

Eight days ago, the country’s four major newspapers reported a claim that the NSA collected 33% or less of US phone records (under the Section 215 program, they should have specified, but did not) because it couldn’t collect most cell phone metadata:

  • “[I]t doesn’t cover records for most cellphones,” (WSJ)
  • “[T]he agency has struggled to prepare its database to handle vast amounts of cellphone data,” (WaPo)
  • “[I]t has struggled to take in cellphone data,” (NYT)
  • “[T]he NSA is gathering toll records from most domestic land line calls, but is incapable of collecting those from most cellphone or Internet calls.” (LAT)

Since that time, I have pointed to a number of pieces of evidence that suggest these claims are only narrowly true:

  • A WSJ article from June made it clear the cell gap, such as it existed, existed primarily for Verizon and T-Mobile, but their calls were collected via other means (the WaPo and NYT both noted this in their stories without considering how WSJ’s earlier claim it was still near-comprehensive contradicted the 33% claim)
  • The NSA’s claimed Section 215 dragnet successes — Basaaly Moalin, Najibullah Zazi, Tsarnaev brothers — all involved cell users
  • Identifying Moalin via the dragnet likely would have been impossible if NSA didn’t have access to T-Mobile cell data
  • The phone dragnet orders specifically included cell phone identifiers starting in 2008
  • Also since 2008, phone dragnet orders seem to explicitly allow contact-chaining on cell identifiers, and several of the tools they use with phone dragnet data specifically pertain to cell phones

Now you don’t have to take my word for it. Here’s what Keith Alexander had to say about the claim Friday:

Responding to a question about recent reports that the NSA collects data on only 20% to 30% of calls involving U.S. numbers, Alexander acknowledged that the agency doesn’t have full coverage of those calls. He wouldn’t say what fraction of the calls NSA gets information on, but specifically denied that the agency is completely missing data on calls made with cell phones.

“That part is not true,” he said. “We don’t get it all. We don’t get 100% of the data. It’s not where we want it to be, but it has been sufficient to go after the key targets that we’re going after.” [my emphasis]

Admittedly, Alexander is not always entirely honest, so it’s possible he’s just trying to dissuade terrorists from using cellphones while the NSA isn’t tracking them. But he points to the same evidence I did — that NSA has gotten key targets who use cell phones.

There’s something else Alexander said that might better explain the slew of claims that it can’t collect cell phone data.

The NSA director, who is expected to retire within weeks, indicated that some of the gaps in coverage are due to the fact that the NSA “paused any changes to the program” during the recent controversy and discussions about restructuring the effort.

The NSA has paused changes to the program.

This echoes WaPo and WSJ reports that crises (they cited both the 2009 and current crisis) delayed some work on integrating cell data, but suggests that NSA was already making changes when the Snowden leaks started.

There is evidence the pause — or at least part of it — extends back to before the Snowden leak. As I reported last week, even though the NSA has had authority to conduct a new auto-alert on the phone dragnet since November 2012, they’ve never been able to use it because of technical reasons.

The Court understands that to date NSA has not implemented, and for the duration of this authorization will not as a technical matter be in a position to implement, the automated query process authorized by prior orders of this Court for analytical purposes.

This description actually came from DOJ, not the FISC, and I suspect the issue is rather that NSA has not solved some technical issues that would allow it to perform the auto-alert within the legal limits laid out by the FISC (we don’t know what those limits are because the Administration is withholding the Primary Order Supplement that would describe it, and redacting the description of the search itself in all subsequent orders).

That said, there are plenty of reasons to believe there are new reasons why NSA is having problems collecting cell phone data because it includes cell location, which is far different than claiming (abundant evidence to the contrary) they haven’t been collecting cell data all this time. In addition to whatever reason NSA decided to stop its cell location pilot in 2011 and the evolving understanding of how the US v. Jones decision might affect NSA’s phone dragnet program, 3 more things have happened since the beginning of the Snowden leaks:

  • On July 19, Claire Eagan specifically excluded the collection of cell site location information under the Section 215 authority
  • On September 1, NYT exposed AT&T’s Hemisphere program; not only might this give AT&T reason to stop collating such data, but if Hemisphere is the underlying source for AT&T’s Section 215 response, then it includes cell location data that is now prohibited
  • On September 2, Verizon announced plans to split from Vodaphone, which might affect how much of its data, including phone metadata, is available to NSA via GCHQ under the Tempora program; that change legally takes effect February 21

Remember, too, there’s a February 2013 FISC Section 215 opinion the Administration is also still withholding, which also might explain some of the “technical-meaning-legal” problems they’re having.

Underlying this all (and assuredly underlying the problems with collecting VOIP calls, which are far easier to understand and has been mentioned in some of this reporting, including the LAT story) is a restriction arising from using an ill-suited law like Section 215 to collect a phone dragnet: telecoms can only be obligated to turn over records they actually “already generate,” as described by NSA’s SID Director Theresa Shea.

[P]ursuant to the FISC’s orders, telecommunications service providers turn over to the NSA business records that the companies already generate and maintain for their own pre-existing business purposes (such as billing and fraud prevention).

To the extent telecoms use SS7 data, which includes cell location, to fulfill their Section 215 obligation (after all, what telecoms need billing records on a daily basis?), it probably does introduce problems.

Which, I suspect, will mean that Alexander and the rest of the dragnet defenders will recommend that a third party collate and store all this data, the worst of all solutions. They need to have a comprehensive source (like Hemisphere apparently plays for the DEA), one that will shield the government from necessarily having collected cell location data that is increasingly legally suspect to obtain. And they’ll celebrate it as a great sop to the civil libertarians, too, when in fact, they’ve probably reached the point where it is clear Section 215 can’t legally authorize what it is they want it to do.

The issue, more and more evidence suggests, is that they can’t collect the dragnet data without a law designed to construct the dragnet. Which is another way of saying the dragnet, as intended to function, is illegal.

Share this entry

Since Spying to Benefit Monsanto Is Not Industrial Espionage, It’s Okay

/21 Comments/in /by

One of the examples I often raise to show how our government likely uses SIGINT to advantage specific businesses is the way the government helps Monsanto budge into markets uninterested in its products.

One WikiLeaks cable showed the US embassy in Paris planned a “military-style trade war” to benefit Monsanto.

I pointed out that WikiLeaks had revealed that our diplomats had proposed a “military-style trade war” to force Europeans to adopt Monsanto’s controversial products.

The US embassy in Paris advised Washington to start a military-style trade war against any European Union country which opposed genetically modified (GM) crops, newly released WikiLeaks cables show.

In response to moves by France to ban a Monsanto GM corn variety in late 2007, the ambassador, Craig Stapleton, a friend and business partner of former US president George Bush, asked Washington to penalise the EU and particularly countries which did not support the use of GM crops.

“Country team Paris recommends that we calibrate a target retaliation list that causes some pain across the EU since this is a collective responsibility, but that also focuses in part on the worst culprits.

“The list should be measured rather than vicious and must be sustainable over the long term, since we should not expect an early victory. Moving to retaliation will make clear that the current path has real costs to EU interests and could help strengthen European pro-biotech voices,” said Stapleton, who with Bush co-owned the St Louis-based Texas Rangers baseball team in the 1990s.

I have suggested these diplomatic warriors for Monsanto likely relied on intelligence collected by the NSA.

Which is apparently what this 2004 document — described in Laura Poitras and James Risen’s latest describing spying on American law firms — seems to suggest.

Other documents obtained from Mr. Snowden reveal that the N.S.A. shares reports from its surveillance widely among civilian agencies. A 2004 N.S.A. document, for example, describes how the agency’s intelligence gathering was critical to the Agriculture Department in international trade negotiations.

“The U.S.D.A. is involved in trade operations to protect and secure a large segment of the U.S. economy,” that document states. Top agency officials “often rely on SIGINT” — short for the signals intelligence that the N.S.A. eavesdropping collects — “to support their negotiations.”

If they’re using SIGINT for “negotiations,” then they’d surely use it for “military-style” campaigns to “target retaliation” against countries trying to resist a product, wouldn’t they?

Share this entry

Today’s NSA-Related Orwellianism: “Derived From”

/10 Comments/in /by

As I noted in this post, the government has submitted its response to Mohamed Osman Mohamud’s motion for discovery on how DOJ came to forget to tell him he had been discovered through the use of Section 702 spying.

The bulk of their argument basically boils down to this assertion, which they repeat in many forms throughout their response.

A remedy for untimely notice exists under FISA: the defendant will be given the opportunity to challenge evidence obtained or derived from FISA collection in a suppression hearing governed by the procedures set forth in FISA.

That is, they argue the only thing Mohamud is entitled to is an opportunity to challenge the Section 702 evidence, which they intend to prevent adversarial review of by chanting “national security.” Which is another way of saying they believe Mohamud has no real remedy at all.

But the really pathetic part of the response comes in the passage where they try to explain why they didn’t give Mohamud timely review.

The problem was not bad faith, they argue (and they’d like the judge to just ignore the other late notice they gave Mohamud in this case). No, not at all.

Rather, it derived from confusion over the meaning of “derived from.”

You see, DOJ has always known that it must notify defendants when they plan to use information “derived from” Title VII (that is, Section 702) collection.

At the outset, defendant’s assertion regarding the existence of a “secret policy” and claim that the government engaged in deliberate misconduct to conceal the use of Title VII-derived evidence are unfounded. The Department has always understood that it is required to notify any “aggrieved person” of its intent to use or disclose, in a proceeding against such person, any information obtained or derived from Title VII collection as to which that person is an aggrieved person, in accordance with 50 U.S.C. §§ 1806(e), 1881e(a).

It’s just that DOJ didn’t really consider information “derived from” Section 702 to be information “derived from” Section 702, instead considering it to be “obtained from” Title I (traditional FISA) and Title III (stored communication). Or something like that.

The Department’s determination, however, that information obtained or derived from Title I or Title III collection may, in particular cases, also be derived from prior Title VII collection is a relatively recent development (and one that occurred after trial of defendant). The Supplemental Notification filed in this case, which the government provided based on its own review, resulted from that determination and demonstrates good faith, not misconduct.

As this Court knows, pursuant to Title I of FISA, the government must notify any “aggrieved person” of its intent to “enter into evidence or otherwise use or disclose,” in a proceeding against such person, “any information obtained or derived from [FISA authorized] electronic surveillance of that aggrieved person.” 50 U.S.C. § 1806(c); see also 50 U.S.C. § 1825(d) (requiring notice to an aggrieved person of the intent to use evidence against such person obtained or derived from a physical search conducted pursuant to FISA). The FAA provides that information acquired from Title VII collection “is deemed to be” information acquired pursuant to Title I for, among other things, the purposes of the applicability of the statutory notice requirement and the suppression and discovery provisions in Section 1806 of Title I. See 50 U.S.C. § 1881e(a).

The Department has always understood that notice pursuant to Sections 1806(c), 1825(d) and 1881e(a) must be provided when the government intends to use evidence directly collected pursuant to Title I, III, or VII. Such evidence would be evidence that was “obtained from” such FISA collection.

It’s around about here that the government admits it has been using a different definition of “derived from” in the case of criminal Title III warrants “derived from” FISA information than it has been when using FISA warrants “derived from” other FISA collection.

Likewise, the Department has always recognized that notice pursuant to those provisions must be provided when the government intends to use evidence obtained through ordinary criminal process (such as a Rule 41 search warrant) that was itself based directly on information obtained pursuant to Title I, III, or VII. Such evidence would be evidence that was “derived from” such FISA collection.

Prior to recent months, however, the Department had not considered the particular question of whether and under what circumstances information obtained through electronic surveillance under Title I or physical search under Title III could also be considered to be derived from prior collection under Title VII. After conducting a review of the issue, the Department has determined that information obtained or derived from Title I or Title III FISA collection may, in particular cases, also be derived from prior Title VII collection, such that notice concerning both Title I/III and Title VII collections should be given in appropriate cases with respect to the same information.3

3 The Department has concluded that in determining whether information is “obtained or derived from” FISA-authorized surveillance, the appropriate standards and analyses are similar to those appropriate in the context of surveillance conducted pursuant to Title III (Title III of the Omnibus Crime Control and Safe Streets Act of 1968, 18 U.S.C. §§ 2510-2522).

Breaking! DOJ plans to start treating legal words used in a national security context the same as they treat the same words in a criminal context.

And so you see, the problem was not a matter of bad faith or prosecutorial misconduct. Goodness no! It was just that DOJ used a special definition of “derived from” back in 2010 when it did not provide proper notice to Mohamud.

In November 2010, at the time the original notice was filed, the government knew that some of the evidence to be used in the case had been obtained or derived from Title I and Title III FISA collection. It did not consider whether that same evidence was also “derived,” as a matter of law, from prior FISA collection pursuant to Titles I, III, or VII.

Note they’re subtly changing their argument here. They’re suggesting they didn’t consider whether this information was “derived from” Section 702 in 2010, even though they’ve just explained that even if they had, they would have been using their special definition of “derived from” that would have led them to conclude that information “derived from” Section 702 is not really information “derived from” Section 702.

There’s a reason they’re doing that, I think. DOJ needs to pretend that when it was arguing that the Amnesty v. Clapper plaintiffs shouldn’t get standing to challenge Section 702, because only defendants being prosecuted based on evidence “derived from” 702 should — and more importantly would — get to challenge Section 702, it wasn’t using this sneaky definition of “derived from.”

4 Defendant’s claim that the Department’s statements to the U.S. Supreme Court in Clapper v. Amnesty Int’l USA, 133 S. Ct. 1138 (2013), were inconsistent with existing Department policy is baseless. The Department informed the U.S. Supreme Court in that case, that “[i]f the government intends to use or disclose any information obtained or derived from its acquisition of a person’s communications under [Title VII] in judicial or administrative proceedings against that person, it must provide advance notice of its intent to the tribunal and the person, whether or not the person was targeted for surveillance under [Title VII].” US Gov’t Br. at 8. This is an accurate statement of both the law and the government’s previous and current understanding that FISA imposes an obligation on the government to provide notice of its intent to use or disclose information that was derived from Title VII collection as well as information that was obtained from Title VII collection. The issue before the Court in Clapper did not involve the precise circumstances in which information is properly considered to be derived from Title VII collection, and as such that case has no bearing here.

Using a specious definition of “derived from” with an alleged terrorist is one thing. Using the very same specious definition of “derived from” with SCOTUS is a very different thing. And DOJ would like you to think they’re not doing just that.

It almost makes you wish this very challenge gets appealed up to SCOTUS, to see what the Justices think about DOJ’s special definition of “derived from.”

Share this entry