The Easy Section 702 Surveillance Number James Clapper Can Share

Last week, a bunch of House Judiciary Committee members set James Clapper a letter stating that before the Committee deals with Section 702 reauthorization next year, they’d like:

  • The number of telephone communications in which one caller is located in the United States
  • The number of Internet communications acquired through upstream collection that originate or terminate in the United States
  • The number of communications of or concerning U.S. persons that the NSA positively identifies as such in the routine course of its work

They asked for those numbers by May 6.

In response, Clapper is humming and hawing about “several options” for disclosing how many Americans get spied on under Section 702.

Clapper said that “any methodology we come up with will not be completely satisfactory to all parties.”

“If we could have made such an estimate and if such an estimate were easy to do — explainable without compromise — we would’ve done it a long time ago,” he said.

We just learned there is, however, one number that should be easy-peasy to make public (and one I’m frankly alarmed the HJC members didn’t mention, as they should have known about it for some time): the number of back door searches FBI conducts on Section 702 data for reasons other than national security.

As I noted the other day, in response to FISC amicus (and former Eric Holder counsel) Amy Jeffress’ argument that FBI’s back door searches of Section 702 are unconstitutional, Thomas Hogan required FBI “submit in writing a report concerning each instance … in which FBI personnel receive and review Section 702-acquired information that the FBI identifies as concerning a United States person in response to a query that is not designed to find and extract foreign intelligence information.” As I noted, that’s an easily gamed number — I’m sure FBI treats a lot of criminal matters as national security ones, and FBI has the ability to see if there is 702 data without looking at it, permitting it to see if the same data is available under another authority.

Nevertheless, DOJ must have an exact number of reports they’ve submitted in response to this reporting requirement, which has been in place for over four months.

That’s not to say HJC shouldn’t insist on getting estimates for all the other numbers they’re seeking. But they should also demand that this number — the number of times FBI is using a foreign intelligence exception for criminal prosecutions that should be subject to a probable cause standard — be made public.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

The Theory of Business Enterprise Part 2: Neoclassical Economists and Veblen

The material framework of modern civilization is the industrial system, and the directing force which animates this framework is business enterprise. To a greater extent than any other known phase of culture, modern Christendom takes its complexion from its economic organization. This modern economic organization is the “Capitalistic System” or “Modern Industrial System,” so called. Its characteristic features, and at the same time the forces by virtue of which it dominates modern culture, are the machine process and investment for a profit.

That’s the first paragraph of The Theory of Business Enterprise by Thorstein Veblen. The 1904 book is written in an unfamiliar style, combining words and formulations we don’t use any more with a decided lack of the kinds of references we’d expect in a work of sociology or economics. It shows a kind of subversive humor as well. The reference to Christendom is funny coming from an agnostic whose rejection of religion made it difficult for him to find work. And it’s blunt.

The first three chapters lay out several ideas about the way society was organized at the time he wrote. By then the industrialization of the country and the consolidation into trusts, holding companies and interlocking directorates was well underway. The dominant force in society, Veblen says, was the industrial process with its intricate workings that required coordination of workers across many plants and industries for maximum efficiency. It required standardization of processes and goods across the range of activity, from hours of operation to fine details about the items produced so that they could be used for many different purposes. That meant that a large segment of the population had to adapt the way they lived to accommodate the processes of industry. The people who controlled the great enterprises held direct or indirect control over a large part of the lives a vast number of working people.

At the beginning of the Industrial Revolution factories were owned an operated by individuals with a view to making a living. Over time the Captains of Industry (his words) built up capital and began to treat factories not as sources of livelihood but assets to be bought and sold, and operated as generators of profit from investment. As Veblen describes the activities of the businessmen, it feels like the creation of a market in plants and equipment and other rights of ownership like railroad rights-of-way and patents. The industrial processes themselves were not operated, or even necessarily understood, by the Captains. They were designed and operated by engineers, inventors and mechanics, ond operated by workers with varying degrees of skill. All of them were working to make production as simple and as useful as possible. They depended for their livelihoods on paychecks from the Captains of Industry.

As different parts of production moved from handicraft to machine process, ownership of parts of the industrial process often were not the most efficient, as with railroads and electricity. The boundaries were unstable because the Captains of Industry were constantly fighting with one another for control of different parts of the process.

Standard economics in Veblen’s time looked a lot like our neoliberal economics as taught by Mankiw. Veblen disagrees. He starts with the proposition that the sole point of investment for profit is profit, not efficiency or the good of the community.

1. Standard economics taught that businesses are efficient. The smooth working of industrial processes require constant attention and interstitial adjustments. Veblen points out that there are opportunities for profit when the smooth operation of industrial processes is disrupted. It doesn’t matter how the disruption comes about, whether there is an improvement that reduces a cost, or a spike in demand perhaps because of a war, or a drop in demand because of a depression, or whether the Captain of Industry disrupts his own operations or whether a competitor does so. Disruptions are opportunities for profit. It doesn’t matter that the workers are thrown out or the community suffers. There are profits to be made.

The outcome of this management of industrial affairs through pecuniary transactions, therefore, has been to dissociate the interests of those men who exercise the discretion from the interests of the community. This is true in a peculiar degree and increasingly since the fuller development of the machine industry has brought about a close-knit and wide-reaching articulation of industrial processes, and has at the same time given rise to a class of pecuniary experts whose business is the strategic management of the interstitial relations of the system. Broadly, this class of business men, in so far as they have no ulterior strategic ends to serve, have an interest in making the disturbances of the system large and frequent, since it is in the conjunctures of change that their gain emerges. Qualifications of this proposition may be needed, and it will be necessary to return to this point presently.

What this means that that there are people in businesses who job is to disrupt things to make a profit. Veblen doesn’t believe in the magic invisible hand of the market; he sees the fists of the Captains of Industry.

2. Standard economics taught that one of the main values provided by the businessman is the rationalization of industrial processes. Veblen says that consolidation is done not in the interest of smoother industrial processes, but in the interest of profits. It only happens when the Captains of Industry can profit, which is always long after the need becomes obvious, and only in the way in which the Captains of Industry can profit, which may or may not be most efficient. He admits that a businessman may be motivated by ideals of workmanship and serviceability (his word) to the community, but this is “not measurable in its aggregate results”. To the extent it is measurable, it comes from the elimination of the costs of the business transactions that are eliminated by mergers and “industrially futile manoeuvring” to gain leverage for deals, so that

… probably the largest, assuredly the securest and most unquestionable, service rendered by the great modern captains of industry is this curtailment of the business to be done, this sweeping retirement of business men as a class from the service and the definitive cancelment of opportunities for private enterprise.

3. Standard economics taught that businesses are subject to the indirect control of consumers, who decide by their purchases which businesses survive and which fail. Veblen says that businesses of his day, business owners are removed from actual contact with customers. There is plenty of money to be made cheating customers, he says, in part because industrial processes were so efficient that there was plenty of room for waste and war.

4. Standard economics taught that competition is the lifeblood of capitalism. Veblen says businessmen charge as much as they can. Competition is only a factor when the Captain doesn’t have a monopoly, and then it is only one of several factors.

But it is very doubtful if there are any successful business ventures within the range of the modern industries from which the monopoly element is wholly absent. They are, at any rate, few and not of great magnitude. And the endeavor of all such enterprises that look to a permanent continuance of their business is to establish as much of a monopoly as may be. Fn. omitted.

5. Standard economics taught that the market pays according to the value of the work done, which is taken to be proportional to the value to the community. Veblen says there is no relationship between the profits and wages of a business and value to the community, and that money is a poor proxy for value to a community. He also says that wages bear no relation to the productive value of the work done, but rather workers are paid only enough to get them to work hard enough to make the products of their labor saleable.

Standard economics from Veblen’s day is taught in Econ 101 today. Veblen is an astringent antidote.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Monday Morning: Tectonic Shift

Last week after the artist Prince Rogers Nelson died, a segment of the population were mystified by the reaction to his passing. They’d missed impact this artist had had on music which happened concurrent with a paradigm shift in the entertainment industry. Prince rose in sync with music videos in the 1980s when musical artists became more than sound alone.

Music television has since collapsed as anyone who watched MTV and VH-1 since 2000 can tell you. Programming once dedicated to music videos became a mess of unscripted reality programs and oddments, punctuated occasionally by music specials, chasing an audience which increasingly found and consumed music on the internet.

This weekend, though, marked another shift. R&B pop artist Beyoncé released a ‘visual album’ on HBO on Saturday evening entitled ‘Lemonade’. The work was available exclusively through Tidal after its HBO premiere until midnight last night when it was released on Apple iTunes. This is the first music collection released in this manner, using a cable network not previously dedicated to music in tandem with internet streaming and download sales.

I won’t offer any analysis here about the album; you’re not looking if you do not see at least a fraction of the deluge of reaction and think pieces responding to Beyoncé’s latest work. I will say, though, that like Prince’s Purple Rain in 1984, this collection of work will have long-term impact across not only music but the entire entertainment industry.

Let’s launch this week’s roundup…

The Dutch pull a Lavabit-plus
Encrypted communications network Ennetcom was shut down on Friday and its owner arrested. Dutch law enforcement claimed Ennetcom was used by organized crime; its owner is accused of money laundering and illegal weapons possession. The network relied on servers located in Canada, where law enforcement has cooperated with the Netherlands by copying the information on the servers. Unlike the former secure email provider Lavabit in the U.S., it’s not clear there was any advance request for information by way of warrant served on Ennetcom in either the Netherlands or in Canada. Given the mention of illegal weapons, one might wonder if this seizure is related to the recent prosecution of gun smugglers in the UK.

Time for ‘Spring Cleaning’ — get rid of digital dust bunnies
Seems like a surprising source for a nudge on this topic, but the Better Business Bureau is right to encourage cleaning and maintenance. If you read Marcy’s post this morning, you know failing to use adequate passwords and firewalls can be costly. It’s time to go through your electronic devices and make sure you’re using two-factor authentication where possible, freshly reset strong passwords, and on your network equipment as well as your desktop and mobile devices.

Planning for your funeral – on Facebook?
A BBC piece this past week noted that Facebook will eventually have more dead users than live ones. Which brings up an interesting question: how do you want your digital presence handled after you die? Do you have instructions in place? Keep in mind, too, that your social media could be mined to recreate an online personality — your personality. Do you want to live forever in teh toobz?

Investigation into Flint’s water crisis continues
A Michigan legislative panel appointed by Governor Rick Snyder will hear from more state and local officials today in its fifth such meeting to investigate the Flint water crisis. Snyder is conveniently out of the country trying to drum up business in Europe — and conveniently not drinking Flint’s water.

Odds and sods

  • Waiting for word on Yahoo’s final bidders list (Bloomberg) — No word yet on who will remain among the 10 first-round bidders offering between $4-$8 billion.
  • German regulators won’t approve recall and fix of VW’s 2.0-liter diesel-powered Passat (Bloomberg) — And yet the U.S. is going forward with VW’s proposed fix for 2.0l vehicles? Odd, given Germany’s less-stringent approach to automotive emissions compared to U.S. and California in particular.
  • A UK-based inquiry found widespread emissions controls failure (Phys.org) — By widespread, I mean “not a single car among the 37 models involved in the study met an EU lab limit for nitrogen oxide emissions under normal driving conditions.” VW’s emissions controls defeat was just the tip of the iceberg.

There’s your Monday. Have at it!

UPDATE — 5:25 P.M. EDT — Oops, the auto-publish feature failed me today. I wasn’t able to come back and check the egg timer on this post and it got stuck in the queue. Oh well, better luck tomorrow morning!

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

NSA Failed to Fully Inform FISC Even After It Started Fact-Checking Itself

On Friday, I described how, for four years after the FISA Court ruled that NSA couldn’t keep otherwise unlawfully collected information from a single traditional FISA order, the NSA continued to do just that with data from 702 orders.

Hogan was [] surprised to learn NSA was doing the same thing — and had been! — with Section 702 data that had otherwise been purged, which the NSA confessed to Hogan in July of last year. That is, having stopped the practice with a single traditional FISA order, they kept doing it with programmatic 702 data.

In light of the May 2011 [redacted], the Court was very surprised to learn from the July 13, 2015 Notice that the NSA had not been deleting from [redacted] Section 702 records placed on the NSA’s Master Purge List (“MPL”).

[snip]

As the Court explained to the government at the October 8 Hearing, it expects the government to comply with its heightened duty of candor in ex parte proceedings at all times. Candor is fundamental to this Court’s effective operation in considering ex parte submissions from the government, particularly in matters involving large and complex operations such as the implementation of Section 702.

That’s pathetic, given the history of material misstatements to FISC.

All the more so given that it happened after NSA implemented an effort to make sure it started telling FISC the truth (the date is redacted, but it probably happened sometime between October 2011 and March 2013).

As laid out in a 2013 reissue of a 2012 NSA IG report (this report starts at PDF 55; Charlie Savage liberated this via FOIA), NSA implemented a fact-checking process on its own FISC submissions. (See PDF 101)

Screen Shot 2016-04-25 at 9.15.54 AM

NSA is hiding when they first started fact-checking themselves, but it happened by March 2013. Which means the 2013 and 2014 702 recertification submissions were fact-checked. “The [Verification of Accuracy] procedures require all factual statements within the declarations to be verified.” Yet neither told FISC that NSA continued to retain communications from selectors on the Master Purge List in a management database two and three years after the time (at that point) FISC had told NSA, in an order titled, “Opinion and Order Requiring Destruction of Information Obtained by Unauthorized Electronic Surveillance,” it could not do so, not even with data unlawfully obtained on a single targeted FISA order. It took another year before NSA confessed to FISC it was keeping 702 data that should have been purged.

Perhaps the continued discovery of three to four violations every time NSA submits its recertification process reflects the slow implementation of fact-checking. Or perhaps there are just too many databases in which willing NSA employees can stash information before it gets purged off all the other databases.

But if the VoA was supposed to “increase confidence” in what NSA says to courts and Congress, it’s not clear how continuing to miss things like ongoing retention of unlawfully collected information does that.

Related posts on the November 6, 2015 reauthorization opinion

The NSA Has Never Not Been Violating FISA Since It Moved Stellar Wind to FISA in 2004

The Government Admits 9 Defendants Spied On Under Section 702 Have Not Gotten FISA Notice

Former Top Holder Aide Says Back Door Searches Violate Fourth Amendment; FISC Judge Thomas Hogan Doesn’t Care

FBI’s Back Door Searches: Explicit Permission … and Before That
Last July, NSA and CIA Decided They Didn’t Have to Follow Minimization Procedures, and Judge Hogan Is Cool with That

Please consider a donation to support this work.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Turns Out Their Reassurances Were Too SWIFT

When I first wrote about the $81 million bank heist of Bangladesh, I noted that the hack appeared to target SWIFT, the international payment transfer system, even while SWIFT itself was giving us reassurances that they had not been breached.

While SWIFT insists it has not been breached, the hackers used a name making it clear they were targeting the SWIFT system.

On Jan. 29, attackers installed “SysMon in SWIFTLIVE” in what was interpreted as reconnaissance activity, and appeared to operate exclusively with “local administrator accounts.”

SWIFT is sending out a security advisors to its members, advising them to shore up their local operating environments.

Three days ago, Reuters issued a report that seemed to reiterate the centrality of the negligence of Bangladesh bank for the hack, which was relying on a second-hand, $10 router for its SWIFT set-up.

Bangladesh’s central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world’s biggest cyber heists said.

The shortcomings made it easier for hackers to break into the Bangladesh Bank system earlier this year and attempt to siphon off nearly $1 billion using the bank’s SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department.

“It could be difficult to hack if there was a firewall,” Alam said in an interview.

The lack of sophisticated switches, which can cost several hundred dollars or more, also means it is difficult for investigators to figure out what the hackers did and where they might have been based, he added.

Though local cops cast some of the blame on SWIFT.

The police believe that both the bank and SWIFT should take the blame for the oversight, Alam said in an interview.

“It was their responsibility to point it out but we haven’t found any evidence that they advised before the heist,” he said, referring to SWIFT.

A spokeswoman for Brussels-based SWIFT declined comment.

Which might have been the tip-off that this was coming…

The attackers who stole $81 million from the Bangladesh central bank probably hacked into software from the SWIFT financial platform that is at the heart of the global financial system, said security researchers at British defense contractor BAE Systems.

SWIFT, a cooperative owned by 3,000 financial institutions, confirmed to Reuters that it was aware of malware targeting its client software. Its spokeswoman Natasha Deteran said SWIFT would release on Monday a software update to thwart the malware, along with a special warning for financial institutions to scrutinize their security procedures.

[snip]

Deteran told Reuters on Sunday that it was issuing the software update “to assist customers in enhancing their security and to spot inconsistencies in their local database records.” She said “the malware has no impact on SWIFT’s network or core messaging services.”

The software update and warning from Brussels-based Swift, or the Society for Worldwide Interbank Financial Telecommunication, come after researchers at BAE (BAES.L), which has a large cyber-security business, told Reuters they believe they discovered malware that the Bangladesh Bank attackers used to manipulate SWIFT client software known as Alliance Access.

One wonders whether SWIFT would have released a public statement if not for BAE’s imminent public report on this?

Again, NSA managed to hack into SWIFT (double-dipping on the sanctioned access they got through an agreement with the EU) via printer traffic at member banks.

NSA’s TAO hackers hacked into SWIFT (even though the US has access to SWIFT to obtain counterterrorism information via an intelligence agreement anyway), apparently by accessing printer traffic from what sounds like member banks.

The NSA’s Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a “target,” according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency’s “tailored access operations” division. One of the ways the agency accessed the data included reading “SWIFT printer traffic from numerous banks,” the documents show.

So SWIFT had warning there were vulnerabilities in its local printer system (though it’s not clear this is the same vulnerability the Bangladesh thieves used).

You’d think SWIFT would have made some effort when that became public to shore up vulnerabilities in the global finance system. Instead, they left themselves vulnerable to a $10 router.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

CyberCommand Turns Its “Cyberbombs” from Assad to ISIS

David Sanger has a long piece on how CyberCom is — for the first time, he says! — launching cyberattacks on ISIS.

The United States has opened a new line of combat against the Islamic State, directing the military’s six-year-old Cyber Command for the first time to mount computer-network attacks that are now being used alongside more traditional weapons.

The effort reflects President Obama’s desire to bring many of the secret American cyberweapons that have been aimed elsewhere, notably at Iran, into the fight against the Islamic State — which has proved effective in using modern communications and encryption to recruit and carry out operations.

The National Security Agency, which specializes in electronic surveillance, has for years listened intensely to the militants of the Islamic State, and those reports are often part of the president’s daily intelligence briefing. But the N.S.A.’s military counterpart, Cyber Command, was focused largely on Russia, China, Iran and North Korea — where cyberattacks on the United States most frequently originate — and had run virtually no operations against what has become the most dangerous terrorist organization in the world.

[snip]

The goal of the new campaign is to disrupt the ability of the Islamic State to spread its message, attract new adherents, circulate orders from commanders and carry out day-to-day functions, like paying its fighters. A benefit of the administration’s exceedingly rare public discussion of the campaign, officials said, is to rattle the Islamic State’s commanders, who have begun to realize that sophisticated hacking efforts are manipulating their data. Potential recruits may also be deterred if they come to worry about the security of their communications with the militant group.

[snip]

“We are dropping cyberbombs,” Mr. Work said. “We have never done that before.”

The campaign has been conducted by a small number of “national mission teams,” newly created cyberunits loosely modeled on Special Operations forces.

Golly, what a novel idea, hacking an adversary that relies on the Internet for its external strength? Imagine how many people we could have saved if we had done that a few years ago? And all this time CyberCom has just been sitting on its thumbs?

Sanger suggests, of course, that CyberCom has been otherwise focused on Russia, China, Iran, and North Korea, which (post-StuxNet) would be significantly an active defense. He pretends that cyber attacks have not been used in the ISIS theater at all.

Of course they have. They’ve been going on so long they even made the Snowden leaks (as when NSA “accidentally” caused a blackout in Syria).

But it would be inconvenient to mention attacks on Syria (as distinct from its ally Iran), I guess, because it might raise even more questions about why we’d let ISIS get strong enough, largely using the Internet, to hit two European capitals without undercutting them in the most obvious way. It all makes a lot of sense if you realize we have, at the same time, been directing those resources instead at Bashar al-Assad.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

The NSA Has Never Not Been Violating FISA Since It Moved Stellar Wind to FISA in 2004

Back in 2013, I noted that FISA Judge John Bates had written two opinions finding NSA had violated 50 U.S.C. §1809(a)(2), which prohibits the “disclos[ure] or use[ of] information obtained under color of law by electronic surveillance, knowing or having reason to know that the information was obtained through electronic surveillance not authorized by” FISA. Each time he did it, Bates sort of waggled around the specter of law-breaking as a way of forcing NSA to destroy data they otherwise wanted to retain and use. I suspect that is why NSA moved so quickly to shut down its PRTT program in 2011 in the wake of his upstream opinion.

In his November 6, 2015 opinion reauthorizing Section 702, presiding judge Thomas Hogan described two more definite violations of 50 U.S.C. §1809(a)(2), and one potential one, bringing the list of times the FISC caught NSA illegally surveilling Americans to four, and potentially five, times.

  1. Fall 2009 confession/July 2010 opinion: Collection of categories of data under the bulk PRTT program not permitted by the FISC (Bates’ opinion describes a category violation reported to FISC in the very first PRTT docket, along with NSA’s assurances it would never happen again)
  2. June 2010 confession/December 10 2010, May 13, 2011 opinions: Retention of overcollected data from a traditional FISA warrant in mission management systems ultimately not deemed necessary for collection avoidance
  3. May 2011 confession/October 3, 2011 opinion: Collection of entirely domestic communications on upstream surveillance MCTs
  4. July 13, 2015 confession/November 6, 2015 opinion: Retention of 702 communications that had been otherwise purged in mission management systems, even though FISC had ruled against such retention in 2011
  5. [Potential] July 13, 2015 confession/November 6, 2015 opinion: Retention of data that should have been purged or aged off in compliance databases

Hogan describes these incidents starting on 56.

Between June and August of 2010, the government filed some notices of violation in conjunction with a single electronic surveillance order (on page 58, he describes that as dealing “exclusively with Title I collection in a particular case.”) It’s unclear whether the scope of the surveillance extended beyond what had been authorized, or whether the government had conducted surveillance based on illegally collected data (Hogan refers to it both as overcollection but also as poison fruit). As part of its efforts to resolve the problem, the government argued it could keep some of this poisonous fruit in some kind of oversight database to prevent further collection. But it also argued that its minimization procedures “only applied to interceptions authorized by the Court and did not apply to the fruits of unlawful surveillance,” effectively arguing that if it broke the law the FISC could then not tell it what to do because it had broken the law. The government also argued 50 U.S.C. §1809(a)(2) “only prohibits use or disclosure of unlawfully obtained information for investigative or analytic purposes,” meaning it could keep illegal data for management purposes.

FISC didn’t buy this argument generally, but in a December 10, 2010 opinion did permit NSA to retain “the results of unauthorized surveillance [that] are needed to remedy past unauthorized surveillance or prevent similar unauthorized surveillance in the future.” In that opinion, FISC cited John Bates’ July 2010 PRTT opinion discussing the application of 50 U.S.C. §1809(a)(2).

After further review, on May 13, 2011, the court ruled that the specific data in question did not fall within that exception.

[C]ourts should not attempt “to restrict the unqualified language of a [criminal] statute to the particular evil that Congress was trying to remedy — even assuming that it is possible to identify that evil from something other than the text of the statute itself.” Brogan v United States, 522 U.S. 398, 403 (1998) … The exception recognized in the December 10, 2010 Opinion stands on narrower but firmer ground: that in limited circumstances, prohibiting use of disclosure of the results of unauthorized electronic surveillance would be “so ‘absurd or glaringly unjust’ … as to [call into] question whether Congress actual intended what the plain language of Section 1809(a)(2) “so clearly imports.”

That decision only related to one traditional FISA order — but it did lay out the principle that NSA couldn’t keep illegally collected data for vague management reasons.

Which is why Hogan was so surprised to learn NSA was doing the same thing — and had been! — with Section 702 data that had otherwise been purged, which the NSA confessed to Hogan in July of last year. That is, having stopped the practice with a single traditional FISA order, they kept doing it with programmatic 702 data.

In light of the May 2011 [redacted], the Court was very surprised to learn from the July 13, 2015 Notice that the NSA had not been deleting from [redacted] Section 702 records placed on the NSA’s Master Purge List (“MPL”).

[snip]

As the Court explained to the government at the October 8 Hearing, it expects the government to comply with its heightened duty of candor in ex parte proceedings at all times. Candor is fundamental to this Court’s effective operation in considering ex parte submissions from the government, particularly in matters involving large and complex operations such as the implementation of Section 702.

After the hearing, the government submitted several filings effectively saying it was purging the data, then admitting that the technical process it had implemented to effect the purge was only purging some of the selectors that had been illegally collected.

In any case, after 4 years of retaining 702 data that had to be purged, they were finally moving towards deleting it last year.

The second violation pertains to two tools (both names of which are redacted) that help determine whether a selector can be or has been properly tasked (on page 76, Hogan suggests “most Section 702 information [in these databases] that is otherwise subject to purge pertains to roamer communications.”

The first appears to be a pre-tasking tool to see whether it properly tasked. This tool has not aged off PRISM data within the required 5 years, nor upstream data within the required 2 years, though it has aged off pre-October 31, 2011 upstream data. NSA has not done so “because of the utility of these records for compliance and collection avoidance purposes.”  It also helps to respond to OSD and ODNI oversight questions.

The second is a post-tasking tool to identify whether a Section 702 target may be in the US. It doesn’t age off PRISM data within the required 5 years, though it does treat upstream data properly. In addition, it doesn’t purge items that have been added to the Master Purge List. Rather than purging, it just masks certain fields from most users.

In general, Hogan seemed to believe most of this data did fall within the narrow exception laid out in the December 2010 opinion permitting the retention of unauthorized data for the purposes of collection avoidance, though he asked for further briefing that would have taken place in January.

He did point to the inclusion in these two tools of other selectors that had been put on the purge list, however, which would raise additional questions:

Examples would be incidentally acquired communications of or concerning United States persons that are clearly not relevant to the authorized purpose of the acquisition or that do not contain evidence of a crime which may be disseminated under the minimization procedures … attorney-client communications that do not contain foreign intelligence information or evidence of a crime … and any instances in which the NSA discovers that a United Staes person or person not reasonably believed to be outside the United States at the time of targeting has been intentionally targeted under Section 702.

That is, Hogan raised the possibility that these tools included precisely the kind of information that should be deliberately avoided.

Ah well. He still reauthorized Section 702.

Consider what this means: between the five years between when, in fall 2004, NSA told Colleen Kollar-Kotelly it was violating her category restrictions on the bulk Internet dragnet until the time, in 2009, it admitted it continued to do so with every single record collected, between the non-disclosure of what NSA was really doing with upstream surveillance between 2008 and 2011, and between the time FISC told NSA it couldn’t keep illegally collected data for management reasons in May 2011 to the time in July 2015 it confessed it had continued to do that with 702 data, NSA has always been in violation of 50 U.S.C. §1809(a)(2) since it moved Stellar Wind to FISA.

And that’s just the stuff they have admitted to.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

DOJ’s Awesome New Trick to Break into Apple Phones

DOJ has apparently come up with an amazing new trick to break into Apple phones: to ask defendants in the weeks before they sentence them.

Throughout the challenge over the phone in EDNY, Apple has raised a number of other ways DOJ could get into Jun Feng’s phone. That includes some known forensic tools, but especially — given that Feng pled guilty — simply asking him for his password a second time. According to WSJ’s report on why DOJ just withdrew their request in that case, DOJ hadn’t tried the latter method, until now.

In a one-page letter filed with a Brooklyn federal court Friday night, the government said an individual had recently come forward to offer the passcode to the long-locked phone. The filing means that in both of the high-profile cases pitting the Justice Department against Apple, the government first said it couldn’t open the phone, only to suddenly announce it had found a way into the device as the case proceeded in court.

“Yesterday evening, an individual provided the passcode to the iPhone at issue in this case,’’ prosecutors said in their terse letter to the judge. “Late last night, the government used that passcode by hand and gained access to the iPhone. Accordingly, the government no longer needs Apple’s assistance to unlock the iPhone, and withdraws its application.’’

[snip]

After he was arrested, Mr. Feng told agents that he didn’t remember the phone’s passcode, leading investigators eventually to seek Apple’s help. The Wall Street Journal reported last week that Mr. Feng only recently learned his phone had become an issue in a high-stakes legal fight between prosecutors and Apple. Mr. Feng, who has pleaded guilty and is due to be sentenced in the coming weeks, is the one who provided the passcode to investigators, according to people familiar with the matter.

Geniuses! Use the sentencing process, rather than the All Writs Act, to open up a phone captured two years ago (which probably has even less usable evidence than Syed Rizwan Farook’s phone did.

These prosecutors are really using some amazing tools these days.

 

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

The Government Admits 9 Defendants Spied On Under Section 702 Have Not Gotten FISA Notice

As I noted, in his opinion approving the Section 702 certifications from last year, Judge Thomas Hogan had a long section describing the 4 different kinds of violations the spooks had committed in the prior year.

One of those pertained to FBI agents not establishing an attorney-client review team for people who had been indicted, as mandated by the FBI’s minimization procedures.

In his section on attorney-client review team violations, Hogan describes violations in all four of the Quarterly Reports submitted since the previous 702 certification process: December 19, 2014, March 20, 2015, June 19, 2015, and September 18, 2015. He also cites three more Preliminary Compliance Reports that appear not to be covered in that September 18, 2015 report: one on September 9, 2015, one on October 5, 2015, and one on October 8, 2015. His further discussion describes the government claiming at a hearing on October 8 to discuss the issue that, thanks to a new system FBI had deployed to address the problem, “additional instances of non-compliance with the review team requirement were discovered by the time of the October 8 Hearing.”

But as Hogan notes in his November 2015 opinion, FBI discovered a lot of these issues because FBI had had a similar problem the previous year and he required them to review for it closely in his 2014 order. A July 30, 2014 letter submitted as part of the recertification process describes two instances in depth: one noticed in February 2014 and reported in the March Quarterly report, and one noticed in April and reported in the June 2014, each involving multiple accounts. A footnote to that discussion admits “there have been additional, subsequent instances of this type of compliance incident.”

Set aside, for the moment, the persistence with which FBI failed to set up review teams to make sure prosecutorial teams were not reading the attorney-client conversations of indicted defendants (who are the only ones who get such protection!!!). Set aside the excuses they gave, such as that they thought this requirement — part of the legally mandatory minimization procedures — didn’t apply for sealed indictments or with targets located outside the United States.

Conservatively, this significantly redacted discussion identifies 9 examples (2 reported in Compliance Reports in 2014, at least 1 reported each in each of four quarterly Compliance report between applications, plus 3 individual compliance reports submitted after the September Compliance report) when people who have been indicted had their communications collected under Section 702, whether they were the target of the 702 directives or not.

And yet, as Patrick Toomey wrote in December, not a single defendant has gotten a Section 702 notice during the period in question.

Up until 2013, no criminal defendant received notice of Section 702 surveillance, even though notice is required by statute. Then, after reports surfaced in the New York Times that the Justice Department had misled the Supreme Court and was evading its notice obligations, the government issued five such notices in criminal cases between October 2013 and April 2014. After that, the notices stopped — and for the last 20 months, crickets.

We know both Mohamed Osman Mohamud — who received a 702 notice personally — and Bakhtiyor Jumaev — who would have secondary 702 standing via Jamshid Muhtorov, with whom he got busted — had their attorney-client communications spied on. But that wasn’t (damn well better not have been!!) 702 spying, because both parties to all those conversations were in the US.

These are 9 different defendants who’ve not yet been told they were being spied on under 702.

Why not?

The answer is probably the one Toomey laid out: that even though members of a prosecutorial team were listening in on attorney-client conversations collected under 702, DOJ made sure nothing from those conversations (or anything else collected via 702) got used in another court filing, and thereby avoided the notice requirement.

Based on what can be gleaned from the public record, it seems likely that defendants are not getting notice because DOJ is interpreting a key term of art in Fourth Amendment law too narrowly — the phrase “derived from.” Under FISA itself, the government is obliged to give notice to a defendant when its evidence is “derived from” Section 702 surveillance of the defendant’s communications. There is good reason to think that DOJ has interpreted this phrase so narrowly that it can almost always get around its own rule, at least in new cases.

It is clear from public reporting and DOJ’s filings in the ACLU’s lawsuit that it has spent years developing a secret body of law interpreting the phrase “derived from.” Indeed, from 2008 to 2013, National Security Division lawyers apparently adopted a definition of “derived” that eliminated notice of Section 702 surveillance altogether. Then, after this policy became public, DOJ came up with something else, which produced a handful of notices in existing cases.

Savage reports in Power Wars that then-Deputy Attorney General James Cole decided that Section 702 information had to have been “material” or “critical” to trigger notice to a defendant. But the book doesn’t provide any details about the legal underpinnings for this rule or, crucially, how Cole’s directive was actually implemented within DOJ. The complete absence of Section 702 notices since April 2014 suggests DOJ may well have found new ways of short-circuiting the notice requirement.

One obvious way DOJ might have done so is by deeming evidence to be “derived from” Section 702 surveillance only when it has expressly relied on Section 702 information in a later court filing — for instance, in a subsequent FISA application or search warrant application. (Perhaps DOJ’s interpretation is slightly more generous than this, but probably not by much.) DOJ could then avoid giving notice to defendants simply by avoiding all references to Section 702 information in those court filings, citing information gleaned from other investigative sources instead — even if the information from those alternative sources would never have been obtained without Section 702.

So these 9 mystery defendants don’t tell us anything new. They just give us a number — 9 — of defendants the government now has officially admitted have been spied on under 702 who have not been told that.

As I noted, Judge Hogan did not include this persistent attorney-client problem among the things he invited Amy Jeffress to review as amicus. Whether or not she would have objected to the persistent violation of FBI’s minimization procedures, a review of them would also have given her evidence from which she might have questioned FBI’s compliance with another part of 702, that defendants get notice.

But DOJ seems pretty determined to flout that requirement going forward.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Former Top Holder Aide Says Back Door Searches Violate Fourth Amendment; FISC Judge Thomas Hogan Doesn’t Care

My apologies to Amy Jeffress.

When I first realized that FISA Court Presiding Judge Thomas Hogan picked her to serve as amicus for the review of the yearly 702 certifications last year, I complained that she, not Marc Zwillinger, got selected (the pick was made in August, but Jeffress would later be picked as one of the standing amicus curiae, along with Zwillinger). After all, Zwillinger has already argued that PRISM (then authorized by Protect America Act) was unconstitutional when he represented Yahoo in its challenge of the program. He’s got experience making this precise argument. Plus, Jeffress not only is a long-time national security prosecutor and former top Eric Holder aide, but she has been involved in some actions designed to protect the Executive. I still think Zwillinger might have done a better job. But Jeffress nevertheless made what appears to be a vigorous, though unsuccessful, argument that FBI’s back door searches of US person data are unconstitutional.

A former top DOJ lawyer believes FBI’s back door queries are unconstitutional

But it says a lot that Jeffress — someone who narrowly missed being picked as Assistant Attorney General for National Security and who presumably got at least some visibility on back door searches when working with Holder — argued that FBI’s warrantless back door searches of communications collected under Section 702 is unconstitutional. (I presume it would be unethical for Jeffress to use information learned while counseling Holder in this proceeding, which might have put her in an interesting position of knowing more than she could say.)

Sadly, Hogan didn’t care. Worse, his argument for not caring doesn’t make sense. As I’ll note, not only did Hogan pick a less than optimal person to make this argument, but he may have narrowly scoped her input, which may have prevented her from raising evidence in Hogan’s own opinion that his legal conclusion was problematic.

To be clear, Jeffress was no flaming hippie. She found no problem with the NSA and CIA practice of back door searches, concluding, “that the NSA and CIA minimization procedures are sufficient to ensure that the use of U.S. person identifiers for th[e] purpose of [querying Section 702-acquired information] complies with the statutory requirements of Section 702 and with the Fourth Amendment.” But she did find the FBI practice problematic.

Jeffress’ amicus brief included at least 10 pages of discussion of her concerns with the practice, though ODNI did not release her brief and Hogan cited very limited bits of it. She argued, “the FISA process cannot be used as a device to investigate wholly unrelated ordinary crimes” and said because the queries could do so they “go far beyond the purpose for which the Section 702-acquired information is collected in permitting queries that are unrelated to national security.”

To dismiss Jeffress’ arguments, Hogan does several things. He,

  • Notes the statute requires foreign intelligence just be “a significant purpose” of the collection, and points back to the 2002 In Re Sealed Case FISCR decision interpreting the “significant purpose” language added in the PATRIOT Act to permit the use of traditional FISA information for prosecutions
  • Cites the FISA minimization procedure language that “allow[s] for the retention and dissemination of information that is evidence of a crime which has been, is being, or is about to be committed”
  • Dismisses a former top DOJ official’s concerns about the use of FISA data for non-national security crimes as “hypothetical”
  • Doesn’t address — at all — language in the FBI minimization procedures that permits querying of data for assessments and other unspecified uses
  • Invests a lot of faith in FBI’s access and training requirements that later parts of his opinion undermine

There are several problems with his argument.

In Re Sealed Case ties “significant purpose” to the target of an interception

First, Hogan extends the scope of what the FISA Court of Review interpreted the term “significant purpose,” which got added to traditional FISA in the PATRIOT Act and then adopted in FISA Amendments Act.

Hogan cites the FISCR decision in In Re Sealed Case to suggest it authorized the use of information against non-targets of surveillance. He does so by putting the court’s ultimate decision after caveats it uses to modify that. “The Court of Review concluded that it would be an “anomalous reading” of the “significant purpose” language of 50 U.S.C. § 1804(a)(6)(B) to allow the use of electronic surveillance in such a case. See id. at 736. The Court nevertheless stressed, however, that “[s]o long as the government entertains a realistic option of dealing with the agent other than through criminal prosecution that it satisfies the significant purpose test.”

But that’s not what FISCR found. Here’s how that reads in the original, with Hogan’s citations emphasized.

On the one hand, Congress did not amend the definition of foreign intelligence information which, we have explained, includes evidence of foreign intelligence crimes. On the other hand, Congress accepted the dichotomy between foreign intelligence and law enforcement by adopting the significant purpose test. Nevertheless, it is our task to do our best to read the statute to honor congressional intent. The better reading, it seems to us, excludes from the purpose of gaining foreign intelligence information a sole objective of criminal prosecution. We therefore reject the government’s argument to the contrary. Yet this may not make much practical difference. Because, as the government points out, when it commences an electronic surveillance of a foreign agent, typically it will not have decided whether to prosecute the agent (whatever may be the subjective intent of the investigators or lawyers who initiate an investigation). So long as the government entertains a realistic option of dealing with the agent other than through criminal prosecution, it satisfies the significant purpose test.

The important point is–and here we agree with the government–the Patriot Act amendment, by using the word “significant,” eliminated any justification for the FISA court to balance the relative weight the government places on criminal prosecution as compared to other counterintelligence responses. If the certification of the application’s purpose articulates a broader objective than criminal prosecution–such as stopping an ongoing conspiracy–and includes other potential non-prosecutorial responses, the government meets the statutory test. Of course, if the court concluded that the government’s sole objective was merely to gain evidence of past criminal conduct–even foreign intelligence crimes–to punish the agent rather than halt ongoing espionage or terrorist activity, the application should be denied.

The government claims that even prosecutions of non-foreign intelligence crimes are consistent with a purpose of gaining foreign intelligence information so long as the government’s objective is to stop espionage or terrorism by putting an agent of a foreign power in prison. That interpretation transgresses the original FISA. It will be recalled that Congress intended section 1804(a)(7)(B) to prevent the government from targeting a foreign agent when its “true purpose” was to gain non-foreign intelligence information–such as evidence of ordinary crimes or scandals. See supra at p.14. (If the government inadvertently came upon evidence of ordinary crimes, FISA provided for the transmission of that evidence to the proper authority. 50 U.S.C. § 1801(h)(3).) It can be argued, however, that by providing that an application is to be granted if the government has only a “significant purpose” of gaining foreign intelligence information, the Patriot Act allows the government to have a primary objective of prosecuting an agent for a non-foreign intelligence crime. Yet we think that would be an anomalous reading of the amendment. For we see not the slightest indication that Congress meant to give that power to the Executive Branch. Accordingly, the manifestation of such a purpose, it seems to us, would continue to disqualify an application. That is not to deny that ordinary crimes might be inextricably intertwined with foreign intelligence crimes. For example, if a group of international terrorists were to engage in bank robberies in order to finance the manufacture of a bomb, evidence of the bank robbery should be treated just as evidence of the terrorist act itself. But the FISA process cannot be used as a device to investigate wholly unrelated ordinary crimes.

Hogan ignores three key parts of this passage. First, FISCR’s decision only envisions the use of evidence against the target of the surveillance, not against his interlocutors, to in some way neutralize him. Any US person information collected and retained under 702 is, by definition, not the targeted person (whereas he or she might be in a traditional FISA order). Furthermore, FBI’s queries of information collected under 702 will find and use information that has nothing to do with putting foreign agents in prison — that is, to “investigate wholly unrelated ordinary crimes,” which FISCR prohibited. Finally, by searching data that may be years old for evidence of a crime, FBI is, in effect, “gaining evidence of past criminal conduct” — itself prohibited by FISCR — of someone who isn’t even the target of the surveillance.

Hogan only treats querying for criminal purposes

Having, in my opinion, expanded on what FISCR authorized back in 2002, Hogan then ignores several parts of what FBI querying permits.

Here’s (some of) the language FBI added to its minimization procedures, at the suggestion of PCLOB, to finally, after 8 years, fully disclose what it was doing to the FISC.

It is a routine and encouraged practice for FBI to query databases containing lawfully acquired information, including FISA-acquired information, in furtherance of the FBI’s authorized intelligence and law enforcement activities, such as assessments, investigations and intelligence collection. Section III.D governs the conduct of such queries. Examples of such queries include, but are not limited to, queries reasonably designed to identify foreign intelligence information or evidence of a crime related to an ongoing authorized investigation or reasonably designed queries conducted by FBI personnel in making an initial decision to open an assessment concerning a threat to national security, the prevention or protection against a Federal crime, or the collection of foreign intelligence, as authorized by the Attorney General Guidelines. These examples are illustrative and neither expand nor restrict the scope of the queries authorized in the language above.

This language makes clear FBI may do back door searches for:

  • To identify foreign intelligence information
  • To identify evidence of a crime related to an ongoing investigation
  • To decide whether to open an assessment concerning a threat to national security, the prevention or protection against a Federal crime, or the collection of foreign intelligence
  • Other things, because FBI’s use of such queries “are not limited to” these uses

Given Hogan’s stingy citations from Jeffress’ brief, it’s unclear how much of these things she addressed (or whether she was permitted to introduce knowledge gained from having worked closely with Eric Holder when these back door searches were being formalized).

Continue reading

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Emptywheel Twitterverse

bmaz Will Buxton remains one of the most annoying sports commentators in the universe. Hey @F1onNBCSports can you PLEASE find someone better?
1mreplyretweetfavorite
bmaz @PogoWasRight @F1onNBCSports You know, I really like the look of Sochi. May have to try to go someday.
8mreplyretweetfavorite
bmaz @misterdevans @CNN Sadly, think it may be.
28mreplyretweetfavorite
bmaz But hey, this is exactly why the #WHCD is such offensive bullshit to democracy in the US: Press are bought off fools https://t.co/iNF8KgNZXX
9hreplyretweetfavorite
bmaz Seriously, not kidding, the only thing more pathetic than #WHCD is the thermonuclear status asinine post coverage on @CNN #EpitomeOfPathetic
9hreplyretweetfavorite
bmaz @hi_hat_truth Go fuck yourself asshole
9hreplyretweetfavorite
bmaz Honestly, as a lifelong Democrat, I am fucking embarrassed by Obama's ridicule of transparency and emulation of rapist Kobe Bryant mic drop.
9hreplyretweetfavorite
bmaz There are people I consider true friends in #WHCD and I seriously wonder if they think Obama's closing was "funny" or appropriate. #BeHonest
9hreplyretweetfavorite
bmaz So, Obama decided perfect coda on his 8 yrs w/the press was to sign off with an homage to a rapist sports figure. Are #WHCD #NerdProm good
9hreplyretweetfavorite
bmaz Obama, after eight yrs as most powerful man on face of the earth, parrots a rapist sports figure. Hope and change bitchezz!!
9hreplyretweetfavorite
bmaz Obama to the press: "Thanks for being equal partners with me on freedom" The Devil in Hades: "What a fucking joke"
9hreplyretweetfavorite
JimWhiteGNV RT @KevinMKruse: The UC system spent $175,000 trying to remove this picture from the internet, so please, please do NOT retweet this. https…
9hreplyretweetfavorite
May 2016
S M T W T F S
« Apr    
1234567
891011121314
15161718192021
22232425262728
293031