Posts

Why Are the US Marshals at the Center of All These Pen Registers?

/6 Comments/in /by

The US Marshal Service shows up prominently in two Pen Register stories from yesterday.

First, as part of a great story from WSJ’s Jen Valentino-Devries mapping out how many federal criminal electronic records requests never get unsealed…

In eight years as a federal magistrate judge in Texas, Brian Owsley approved scores of government requests for electronic surveillance in connection with criminal investigations—then sealed them at the government’s request. The secrecy nagged at him.

So before he left the bench last year, the judge decided to unseal more than 100 of his own orders, along with the government’s legal justification for the surveillance. The investigations, he says, involved ordinary crimes such as bank robbery and drug trafficking, not “state secrets.” Most had long since ended.

A senior judge halted the effort with a one-paragraph order that offered no explanation for the decision and that itself was sealed.

She released this summary of all the Federal Pen Register/Trap and Trace requests in 2012. As she pointed out on Twitter, the greatest number of requests don’t come from FBI. They come from the USMS, which submitted almost half of all requests that year, with 9,132.

Then, the ACLU revealed that, just before an appointment to view Sarasota, Florida’s requests under the Pen Register authority to use Stingray IMSI catchers to identify cell locations, the US Marshals declared control over the records, claiming they had deputized the local cop who had made the requests.

Over the past several months, the ACLU has filed dozens of public records requests with Florida law enforcement agencies seeking information about their use of controversial cell phone tracking devices known as “stingrays.” (The devices are also known as “cell site simulators” or “IMSI catchers.”) Stingrays track phones by mimicking service providers’ cell towers and sending out powerful signals that trick nearby phones — including phones of countless bystanders — into sending their locations and identifying information.

The Florida agencies’ responses to our requests have varied widely, with somestonewalling and others releasing records. The most recent request went to the Sarasota Police Department, and the fallout from that request has raised red flag after red flag.

RED FLAG #1: The Sarasota Police initially told us that they had responsive records, including applications filed by and orders issued to a local detective under the state“trap and trace” statute that he had relied on for authorization to conduct stingray surveillance. That raised the first red flag, since trap and trace orders are typically used to gather limited information about the phone numbers of incoming calls, not to track cell phones inside private spaces or conduct dragnet surveillance. And, such orders require a very low legal standard. As one federal magistrate judge has held, police should be permitted to use stingrays only after obtaining a probable cause warrant, if at all.

RED FLAG #2: The Sarasota Police set up an appointment for us to inspect the applications and orders, as required by Florida law. But a few hours before that appointment, an assistant city attorney sent an email cancelling the meeting on the basis that the U.S. Marshals Service was claiming the records as their own and instructing the local cops not to release them. Their explanation: the Marshals Service had deputized the local officer, and therefore the records were actually the property of the federal government.

[snip]

RED FLAG #3: Realizing we weren’t going to get hold of the Sarasota Police Department’s copies of the applications and orders anytime soon, we asked the county court if we could obtain copies from its files. Incredibly, the court said it had no copies. The court doesn’t even have docket entries indicating that applications were filed or orders issued. Apparently, the local detective came to court with a single paper copy of the application and proposed order, and then walked out with the same papers once signed by a judge.

Court rules — and the First Amendment — require judges to retain copies of judicial records and to make them available to the public, but the court (and the detective) completely flouted those requirements here.

Valentino-Devries notes that a lot of the records being kept secret also involve cell location.

In 2011, magistrate judges in California complained that investigators were applying for pen registers without explicitly saying they wanted to use sophisticated cellphone-location trackers, called “stingrays,” which can be used to locate suspects. Stingrays gather phone-number information, along with other data transmitted by cellphones, by acting as fake cellphone towers. The 1986 surveillance law doesn’t contemplate such technology.

Mr. Owsley, the former Texas magistrate judge, says he had similar concerns about applications for “cell-tower dumps,” in which agents can obtain records of all phones within range of specified cell towers over time—including people who aren’t suspected of a crime.

While we don’t yet know how many of the 9,000 requests the Marshals made in 2012 were for location data, the coincidence is mighty interesting.

The Marshals do have cause to search for suspects’ location. They claim they arrest over 300 wanted fugitives a day. That’s where stingrays would be particularly useful, as they would help to identify the location of a known suspect.

So how often are the Marshals using stingrays to do their work? And to what degree do they do so hiding behind even more obscure local pen register laws to do so?

Why Is DOJ Hiding Three Phone Dragnet Orders in Plain Sight?

/1 Comment/in , /by

The ACLU and EFF FOIAs for Section 215 documents are drawing to a head. Later this week, EFF will have a court hearing in their suit. And last Friday, the government renewed its bid for summary judgment in the ACLU case.

Both suits pivot on whether the government’s past withholdings on Section 215 were in good faith. Both NGOs are arguing they weren’t, and therefore the government’s current claims — that none of the remaining information may be released — cannot be treated in good faith. (Indeed, the government likely released the previously sealed NSA declaration to substantiate its claim that it had to treat all documents tying NSA to the phone dragnet with a Glomar because of the way NSA and DOJ respectively redact classification mark … or something like that.)

But the government insists it is operating in good faith.

Instead, the ACLU speculates, despite the government’s declarations to the contrary, that there must be some non-exempt information contained in these documents that could be segregated and released. In an attempt to avoid well-established law requiring courts to defer to the government’s declarations, especially in the area of national security, the ACLU accuses the government of bad faith and baldly asserts that the government’s past assertions regarding segregability—made before the government’s discretionary declassification of substantial amounts of information regarding its activities pursuant to Section 215— “strip the government’s present justifications of the deference due to them in ordinary FOIA cases.” ACLU Br. at 25. The ACLU’s allegations are utterly unfounded. For the reasons set forth below, the government’s justifications for withholding the remaining documents are “logical and plausible,”

EFF and ACLU have focused closely on a August 20, 2008 FISC order describing a method to conduct queries; I have argued it probably describes how NSA makes correlations to track correlations.

The government is refusing to identify 3 orders it has already identified

But — unless I am badly mistaken, or unless the government mistakenly believes it has turned over some of these orders, which is possible! — I think there are three other documents being withheld (ones the government hasn’t even formally disclosed to EFF, even while pretending they’ve disclosed everything to EFF) that raise questions about the government’s good faith even more readily: the three remaining phone dragnet Primary Orders from 2009. All three have been publicly identified, yet the government is pretending they haven’t been. They are:

BR 09-09, issued on July 8, 2009. Not only was this Primary Order identified in paragraph 3 of the next Primary Order, but it was discussed extensively in the government’s filing accompanying the end-to-end report. In addition, the non-approval of one providers’ metadata  (I increasingly suspect Sprint is the provider) for that period is reflected in paragraph 1(a) of that next Primary Order.

BR 09-15, issued on October 30, 2009. The docket number and date are both identified on the first page of this supplemental order.

BR 09-19, issued on December 16, 2009. It is mentioned in paragraph 3 of the next Primary Order. The docket number and the date are also referred to in the documents pertaining to Sprint’s challenge recently released. (See paragraph 1 and paragraph 5 for the date.)

Thus, the existence of all three Primary Orders has been declassified, even while the government maintains it can’t identify them in the context of the FOIAs where they’ve already been declassified.

The government has segregated a great deal of the content of BR 09-09

The government’s withholding of BR 09-09 is particularly ridiculous, given how extensively the end-to-end motion details it. From that document, we learn:

  • Pages 5-7 approve a new group for querying. (see footnote 2)
  • Pages 9-10 require those accessing the dragnet be briefed on minimization procedures tied to the dragnet (see PDF 22); this is likely the language that appears in paragraph G of the subsequent order. This specifically includes technical personnel. (see PDF 49)
  • Pages 10-11 require weekly reporting on disseminations. (see PDF 23) This is likely the information that appears in paragraph H in the subsequent order.
  • Page 12 affirmatively authorizes the data integrity search to find “certain non user specific numbers and [redacted] identifiers for purposes of metadata reduction and management” (see footnote 19 and PDF 55)
  • Page 8 and 13-14 lay out new oversight roles, especially for DOJ’s National Security Division (see PDF 22); these are likely the requirements laid out in paragraphs M through R in subsequent orders. Those same pages also require DOJ to share the details of NSD’s meeting with NSA in new FISC applications. (see PDF 23)
  • BR 09-09 included the same reporting requirements as laid out in BR 09-01 and BR 09-06 (see PDF 5)
  • Pages 16 -17 also included these new reporting requirements: (see PDFs 6 and 29 – 30)
    • a full explanation of why the government has permitted dissemination outside NSA of U.S. person information in violation of the Court’s Orders in this matter;
    • a full explanation of the extent to which NSA has acquired call detail records of foreign-to-foreign communications from [redacted] pursuant to orders of the FISC, and whether the NSA’s storage, handling, and dissemination of information in those records, or derived therefrom, complied with the Court’s orders; and
    • either (i) a certification that any overproduced information, as described in footnote 11 of the government’s application [i.e. credit card information), has been destroyed, and that any such information acquired pursuant to this Order is being destroyed upon recognition; or (ii) a full explanation as to why it is not possible or otherwise feasible to destroy such information.
  • BR 09-09 specifically mentioned that NSA had generally been disseminating BR FISA data according to USSID 18 and not the more restrictive dissemination provisions of the Court’s Orders. (see footnote 12)
  • BF 09-09 approved Chief, Information Sharing Services, the Senior Operations Officer, the Signals Intelligence
    Directorate (So) Director, the Deputy Director of NSA, and the Director of NSA to authorize US person disseminations. (see footnote 22 and PDF 28)

Significant parts of at least 13 pages of the Primary Order (the next Primary Order is 19 pages long) have already been deemed segregable and released. Yet the government now appears to be arguing, while claiming it is operating in good faith, that none of these items would be segregable if released with the order itself!

Wildarse speculation about why the government is withholding these orders

Which raises the question of why. Why did the government withhold these 3 orders, alone among all the known regular Primary Orders from the period of EFF and ACLU’s FOIAs? (See this page for a summary of the known orders and the changes implemented in each.)

The reason may not be the same for all three orders. BR 09-09 deals with two sensitive issues — the purging of credit card information and tech personnel access — that seem to have been resolved with that order (at least until the credit card problems returned in March 2011).

But there are two things that all three orders might have in common.

First, BR 09-09 deals closely with dissemination problems — the ability of CIA and FBI to access NSA results directly, and the unfettered sharing of information within NSA. BR 09-15 lays out new dissemination rules, with the supplement in November showing NSA to still be in violation. So it’s likely all 3 orders deal with dissemination violations (and therefore with poison fruit of inappropriate dissemination that may still be in the legal system), and that the government is hiding one of the more significant aspects of the dragnet violations by withholding those orders.

I also think it’s possible the later two (potentially all three, but more likely the later two) orders combine the phone and Internet dragnets. That’s largely because of timing: A June 22, 2009 order — the first one to deal with the dissemination problems formally addressed in BR 09-09 — dealt with both dragnets. There is evidence the Internet dragnet data got shut down (or severely restricted) on October 30, 2009, the date of BR 09-15. And according to the 2010 John Bates Internet dragnet opinion, NSA applied to restart the dragnet in late 2009 (so around the time of BR 09-19). So I think it possible the later orders, especially, deal with both programs,  thereby revealing details about the legal problems with PRTT the government would like to keep suppressed. (Note, if BR 09-15 and BR 09-19 are being withheld because they shut down Internet production, it would mean all three orders shut down some production, as BR 09-09 shut down one provider’s telephone production.)

Another possibility has to do with the co-mingling of EO 12333 and Section 215 data. These three orders all deal with the fact that providers (at least Verizon, but potentially the other two as well) had included foreign-to-foreign phone records along with the production of their domestic ones.That’s the reason production from one provider got shut down in BR 09-09. And immediately after the other withheld records, the Primary Orders always included a footnote on what to do with EO 12333 data turned over pursuant to BR FISA orders (see footnote 7 and footnote 10 for examples). Also, starting in March 2009, the Orders all contain language specifically addressing Verizon. So we know the FISC was struggling to come up with a solution for the fact that NSA had co-mingled data obtainable under EO 12333 and data the telecoms received PATRIOT Act orders from. (I suspect this is why Sprint insisted on legal cover, ultimately demanding the legal authorization of the program with the December order.) So it may be that all these orders reveal too much about the EO 12333 dragnet — and potential additional violations — to be released.

Whatever the reason, there is already so much data in the public domain, especially on BR 09-09, it’s hard to believe withholding it is entirely good faith.

USA Freedumber Will Not Get Better in the “Prosecutors” Committee

/13 Comments/in /by

Having been badly outmaneuvered on USA Freedumber — what was sold as reform but is in my opinion an expansion of spying in several ways — in the House, civil liberties groups are promising a real fight in the Senate.

“This is going to be the fight of the summer,” vowed Gabe Rottman, legislative counsel with the American Civil Liberties Union.

If advocates are able to change the House bill’s language to prohibit NSA agents from collecting large quantities of data, “then that’s a win,” he added.

“The bill still is not ideal even with those changes, but that would be an improvement,” Rottman said.

[snip]

“We were of course very disappointed at the weakening of the bill,” said Robyn Greene, policy counsel at the New America Foundation’s Open Technology Institute. “Right now we really are turning our attention to the Senate to make sure that doesn’t happen again.”

[snip]

One factor working in the reformers’ favor is the strong support of Senate Judiciary Chairman Patrick Leahy (D-Vt.).

Unlike House Judiciary Chairman Bob Goodlatte (R-Va.), who only came to support the bill after negotiations to produce a manager’s amendment, Leahy was the lead Senate sponsor of the USA Freedom Act.

The fact that Leahy controls the committee gavel means he should be able to guide the bill through when it comes up for discussion next month, advocates said.

“The fact that he is the chairman and it’s his bill and this is an issue that he has been passionate about for many years” is comforting, Greene said.

I hope they prove me wrong. But claims this will get better in the Senate seem to ignore the recent history of the Senate Judiciary Committee’s involvement in surveillance bills, not to mention the likely vote counts.

It is true Pat Leahy wants real reform. And he has a few allies on SJC. But in recent years, every surveillance-related bill that came through SJC has been watered down when Dianne Feinstein offered an alternative (which Leahy sometimes adopted as a manager’s amendment, perhaps realizing he didn’t have the votes). After DiFi offered reform, Sheldon Whitehouse (who a number of less sophisticated SJC members look to as a guide on these issues) enthusiastically embraced it, and everyone fell into line. Often, a Republican comes in and offers a “bipartisan reform” (meaning conservative Republicans joining with the Deep State) that further guts the bill.

This is how the Administration (shacking up with Jeff Sessions) defeated an effort to rein in Section 215 and Pen Registers in 2009.

This is how DiFi defeated an effort to close the backdoor loophole in 2012.

As this was happening in 2009, Russ Feingold called out SJC for acting as if it were the “Prosecutors Committee,” rather than the Judiciary Committee.

(Note, in both of those cases as well as on the original passage of Section 702, I understood fairly clearly what the efforts to stymie reform would do, up to 4 years before those programs were publicly revealed; I’ve got a pretty good record on this front!)

And if you don’t believe this is going to happen again, tell me why this whip count is wrong:

Screen shot 2014-05-26 at 5.18.49 PM

If my read here is right, the best case scenario — short of convincing Sheldon Whitehouse some of what the government wants to do is unconstitutional, which John Bates has already ruled that it is — is relying on people like Ted Cruz (whose posturing on civil liberties is often no more than that) and Jeff Flake (who was great on these issues in the House but has been silent and absent throughout this entire debate). And that’s all to reach a 9-9 tie in SJC.

Which shouldn’t be surprising. Had Leahy had the votes to move USA Freedom Act through SJC, he would have done so in October.

That was the entire point of starting in the House: because there was such a large number of people (albeit, for the  most part without gavels) supporting real reform in the House. But because reformers (starting with John Conyers and Jerry Nadler) uncritically accepted a bad compromise and then let it be gutted, that leverage was squandered.

Right now, we’re looking at a bill that outsources an expanded phone dragnet to the telecoms (with some advantages and some drawbacks), but along the way resets other programs to what they were before the FISC reined them in from 2009 to 2011. That’s the starting point. With a vote count that leaves us susceptible to further corruption of the bill along the way.

Edward Snowden risked his freedom to try to rein in the dragnet, and instead, as of right now it looks like Congress will expand it.

Update: I’ve moved Richard Blumenthal into the “pro reform” category based on this statement after the passage of USA Freedumber. Thanks to Katherine Hawkins for alerting me to the statement.

No Protection for International Communications: Russ Feingold Told Us So

/21 Comments/in /by

Both the ACLU’s Jameel Jaffer and EFF have reviews of the government’s latest claims about Section 702. In response to challenges by two defendants, Mohamed Osman Mohamud and Jamshid Muhtorov, to the use of 702-collected information, the government claims our international communications have no Fourth Amendment protection.

Here’s how Jaffer summarizes it:

It’s hardly surprising that the government believes the 2008 law is constitutional – government officials advocated for its passage six years ago, and they have been vigorously defending the law ever since. Documents made public over the last eleven-and-a-half months by the Guardian and others show that the NSA has been using the law aggressively.

What’s surprising – even remarkable – is what the government says on the way to its conclusion. It says, in essence, that the Constitution is utterly indifferent to the NSA’s large-scale surveillance of Americans’ international telephone calls and emails:

The privacy rights of US persons in international communications are significantly diminished, if not completely eliminated, when those communications have been transmitted to or obtained from non-US persons located outside the United States.

That phrase – “if not completely eliminated” – is unusually revealing. Think of it as the Justice Department’s twin to the NSA’s “collect it all”.

[snip]

In support of the law, the government contends that Americans who make phone calls or sends emails to people abroad have a diminished expectation of privacy because the people with whom they are communicating – non-Americans abroad, that is – are not protected by the Constitution.

The government also argues that Americans’ privacy rights are further diminished in this context because the NSA has a “paramount” interest in examining information that crosses international borders.

And, apparently contemplating a kind of race to the bottom in global privacy rights, the government even argues that Americans can’t reasonably expect that their international communications will be private from the NSA when the intelligence services of so many other countries – the government doesn’t name them – might be monitoring those communications, too.

The government’s argument is not simply that the NSA has broad authority to monitor Americans’ international communications. The US government is arguing that the NSA’s authority is unlimited in this respect. If the government is right, nothing in the Constitution bars the NSA from monitoring a phone call between a journalist in New York City and his source in London. For that matter, nothing bars the NSA from monitoring every call and email between Americans in the United States and their non-American friends, relatives, and colleagues overseas.

I tracked Feingold’s warnings about Section 702 closely in 2008. That’s where I first figured out the risk of what we now call back door searches, for example. But I thought his comment here was a bit alarmist.

As I’ve learned to never doubt Ron Wyden’s claims about surveillance, I long ago learned never to doubt Feingold’s.

 

The Verizon Publicity Stunt, Mosaic Theory, and Collective Fourth Amendment Rights

/19 Comments/in , /by

On Friday, I Con the Record revealed that a telecom — Ellen Nakashima confirms it was Verizon — asked the FISA Court to make sure its January 3 order authorizing the phone dragnet had considered Judge Richard Leon’s December 16 decision that it was unconstitutional. On March 20, Judge Rosemary Collyer issued an opinion upholding the program.

Rosemary Collyer’s plea for help

Ultimately, in an opinion that is less shitty than FISC’s previous attempts to make this argument, Collyer examines the US v. Jones decision at length and holds that Smith v. Maryland remains controlling, mostly because no majority has overturned it and SCOTUS has provided no real guidance as to how one might do so. (Her analysis raises some of the nuances I laid out here.)

The section of her opinion rejecting the “mosaic theory” that argues the cumulative effect of otherwise legal surveillance may constitute a search almost reads like a cry for help, for guidance in the face of the obvious fact that the dragnet is excessive and the precedent that says it remains legal.

A threshold question is which standard should govern; as discussed above, the court of appeals’ decision in Maynard and two concurrences in Jones suggest three different standards. See Kerr, “The Mosaic Theory of the Fourth Amendment,” 111 Mich. L. Rev. at 329. Another question is how to group Government actions in assessing whether the aggregate conduct constitutes a search.See id. For example, “[w]hich surveillance methods prompt a mosaic approach? Should courts group across surveillance methods? If so, how? Id. Still another question is how to analyze the reasonableness of mosaic searches, which “do not fit an obvious doctrinal box for determining reasonableness.” Id. Courts adopting a mosaic theory would also have to determine whether, and to what extent, the exclusionary rule applies: Does it “extend over all the mosaic or only the surveillance that crossed the line to trigger a search?”

[snip]

Any such overhaul of Fourth Amendment law is for the Supreme Court, rather than this Court, to initiate. While the concurring opinions in Jones may signal that some or even most of the Justices are ready to revisit certain settled Fourth Amendment principles, the decision in Jones itself breaks no new ground concerning the third-party disclosure doctrine generally or Smith specifically. The concurring opinions notwithstanding, Jones simply cannot be read as inviting the lower courts to rewrite Fourth Amendment law in this area.

As I read these passages, I imagined that Collyer was trying to do more than 1) point to how many problems overruling the dragnet would cause and 2) uphold the dignity of the rubber stamp FISC and its 36+ previous decisions the phone dragnet is legal.

There is reason to believe she knows what we don’t, at least not officially: that even within the scope of the phone dragnet, the dragnet is part of more comprehensive mosaic surveillance, because it correlates across platforms and identities. And all that’s before you consider how, once dumped into the corporate store and exposed to NSA’s “full range of analytic tradecraft,” innocent Americans might be fingerprinted to include our lifestyles.

That is, not only doesn’t Collyer see a way (because of legal boundary concerns about the dragnet generally, and possibly because of institutional concerns about FISC) to rule the dragnet illegal, but I suspect she sees the reverberations that such a ruling would have on the NSA’s larger project, which very much is about building mosaics of intelligence.

No wonder the government is keeping that August 20, 2008 opinion secret, if it indeed discusses the correlations function in the dragnet, because it may well affect whether the dragnet gets assessed as part of the mosaic NSA uses it as.

Verizon’s flaccid but public legal complaint

Now, you might think such language in Collyer’s opinion would invite Verizon to appeal this decision. But given this lukewarm effort, it seems unlikely to do so. Consider the following details:

Leon issued his decision December 16. Verizon did not ask the FISC for guidance (which makes sense because they are only permitted to challenge orders).

Verizon got a new Secondary Order after the January 3 reauthorization. It did not immediately challenge the order.

It only got around to doing so on January 22 (interestingly, a few days after ODNI exposed Verizon’s role in the phone dragnet a second time), and didn’t do several things — like asking for a hearing or challenging the legality of the dragnet under 50 USC 1861 as applied — that might reflect real concern about anything but the public appearance of legality. (Note, that timing is of particular interest, given that the very next day, on January 23, PCLOB would issue its report finding the dragnet did not adhere to Section 215 generally.)

Indeed, this challenge might not have generated a separate opinion if the government weren’t so boneheaded about secrecy.

Verizon’s petition is less a challenge of the program than an inquiry whether the FISC has considered Leon’s opinion.

It may well be the case that this Court, in issuing the January 3,2014 production order, has already considered and rejected the analysis contained in the Memorandum Order. [redacted] has not been provided with the Court’s underlying legal analysis, however, nor [redacted] been allowed access to such analysis previously, and the order [redacted] does not refer to any consideration given to Judge Leon’s Memorandum Opinion. In light of Judge Leon’s Opinion, it is appropriate [redacted] inquire directly of the Court into the legal basis for the January 3, 2014 production order,

As it turns out, Judge Thomas Hogan (who will take over the thankless presiding judge position from Reggie Walton next month) did consider Leon’s opinion in his January 3 order, as he noted in a footnote.

Screen Shot 2014-04-28 at 10.49.42 AM

And that’s about all the government said in its response to the petition (see paragraph 3): that Hogan considered it so the FISC should just affirm it.

Verizon didn’t know that Hogan had considered the opinion, of course, because it never gets Primary Orders (as it makes clear in its petition) and so is not permitted to know the legal logic behind the dragnet unless it asks nicely, which is all this amounted to at first.

Note that the government issued its response (as set by Collyer’s scheduling order) on February 12, the same day it released Hogan’s order and its own successful motion to amend it. So ultimately this headache arose, in part, because of the secrecy with which it treats even its most important corporate spying partners, which only learn about these legal arguments on the same schedule as the rest of us peons.

Yet in spite of the government’s effort to dismiss the issue by referencing Hogan’s footnote, Collyer said because Verizon submitted a petition, “the undersigned Judge must consider the issue anew.” Whether or not she was really required to or could have just pointed to the footnote that had been made public, I don’t know. But that is how we got this new opinion.

Finally, note that Collyer made the decision to unseal this opinion on her own. Just as interesting, while neither side objected to doing so, Verizon specifically suggested the opinion could be released with no redactions, meaning its name would appear unredacted.

The government contends that certain information in these Court records (most notably, Petitioner’s identity as the recipient of the challenged production order) is classified and should remain redacted in versions of the documents that are released to the public. See Gov’t Mem. at 1. Petitioner, on the other hand, “request[s] no redactions should the Court decide to unseal and publish the specified documents.” Pet. Mem. at 5. Petitioner states that its petition “is based entirely on an assessment of [its] own equities” and not on “the potential national security effects of publication,” which it “is in no position to evaluate.” Id.

I’ll return to this. But understand that Verizon wanted this opinion — as well as its own request for it — public.

Read more

Selective Leak to Michael Isikoff Proves the Undoing of Otherwise Successful Selective Leak Campaign on Drone Killing

/7 Comments/in , /by

The 2nd Circuit has just ruled that the government must release a redacted version of the targeted killing memo to the NYT and ACLU, as well as Vaughn documents listing the documents pertaining to the Anwar al-Awlaki killing.

The central jist of the argument, written by Jon Newman, is that the White Paper first leaked selectively to Michael Isikoff and then released, under FOIA, to Jason Leopold (Leopold FOIAed after reading about it in this post I wrote), amounts to official disclosure of the information in the OLC memo which, in conjunction with all the other public statements, amounts to a waiver of the government’s claim that the OLC memo amounted to pre-decisional deliberations.

This argument starts on page 23, in footnote 10, where the opinion notes that the White Paper leaked to Mike Isikoff was not marked draft, while the one officially released to Leopold was.

The document disclosed to [Leopold] is marked “draft”; the document leaked to Isikoff is not marked “draft” and is dated November 8, 2011. The texts of the two documents are identical, except that the document leaked to Isikoff is not dated and not marked “draft.”

The opinion strongly suggests the government should have released the Mike Isikoff — that is, the one not pretending to be a draft — version to ACLU.

The Government offers no explanation as to why the identical text of the DOJ White Paper, not marked “draft,” obtained by Isikoff, was not disclosed to ACLU, nor explain the discrepancy between the description of document number 60 and the title of the DOJ White Paper.

Then, having established that the document leaked to Isikoff is the same as the document released to Leopold, which was officially released, the opinion describes the DOD opinion at issue, a 41 page classified document dated July 16, 2010 signed by David Barron.

An almost entirely redacted paragraph describes the content of the memo.

The OLC-DOD Memorandum has several parts. After two introductory paragraphs, Part I(A) reports [redacted]. Parts I(B) and I(C) describe [redacted]. Part II(A) considers [redacted]. Part II(B) explains [redacted]. Part III(A) explains [redacted], and Part III(B) explains [redacted]. Part IV explains [redacted]. Part V explains [redacted]. Part VI explains [redacted].

A subsequent passage explains that parts II through VI provide the legal reasoning.

FOIA provides that “[a]ny reasonably segregable portion of a record shall be provided to any person requesting such record after deletion of the portions which are exempt under this subsection.” 5 U.S.C. § 552b. The Government’s waiver applies only to the portions of the OLC-DOD Memorandum that explain legal reasoning. These are Parts II, III, IV, V, and VI of the document, and only these portions will be disclosed.

And a still later passage reveals that the remaining section — part I — discusses intelligence gathering activities, presumably as part of a discussion of the evidence against Anwar al-Awlaki.

Aware of that possibility, we have redacted, as explained above, the entire section of the OLC-DOD Memorandum that includes any mention of intelligence gathering activities.

So while the paragraph describing the content of the Memo is redacted, we know the first section lays out the evidence against Awlaki, followed by 5 sections of legal reasoning.

The redacted paragraph I included above, describing the content of the Memo, is followed immediately by a paragraph addressing the content of the White Paper.

The 16-page, single-spaced DOJ White Paper [redacted] in its analysis of the lawfulness of targeted killings. [redacted]

The first redaction here probably states that the White Paper parallels the OLC memo. The second probably describes the key differences (besides length and the absence of the underlying evidence against Awlaki in the White Paper). And that second redaction is followed by a discussion describing the White Paper’s extensive passage on 18 US 1119, and lack of any discussion of 18 USC 956, a law prohibiting conspiracies to kill, maim, or kidnap outside the US.

The DOJ White Paper explains why targeted killings do not violate 18 U.S.C. §§ 1119 or 2441, or the Fourth and Fifth Amendments to the Constitution, and includes an analysis of why section 1119 encompasses the public authority justification. Even though the DOJ White Paper does not discuss 18 U.S.C. § 956(a)[redacted].

In other words, the big difference in the legal reasoning is that the still-secret Memo argues that the US plot against Awlaki was not an illegal conspiracy to kill him, in addition to not being a murder of an American overseas.

Conspiracies to conduct extralegal killings of terrorists are not the same as conspiracies by terrorists to kill, apparently.

Having laid out that the non-draft Isikoff memo is the same as the officially-released Leopold memo, and the officially-released Leopold memo lays out the same legal reasoning as the OLC Memo, the opinion basically says the government’s claims it hasn’t already released the memo are implausible.

As the District of Columbia Circuit has noted, “Ultimately, an agency’s justification for invoking a FOIA exemption is sufficient if it appears ‘logical’ or ‘plausible.’” Wolf v. CIA, 473 F.3d 370, 374-75 (D.C. Cir. 2007) (quoting Gardels v. CIA, 689 F.2d 1100, 1105 (D.C. Cir. 1982)). But Gardels made it clear that the justification must be “logical” and “plausible” “in protecting our intelligence sources and methods from foreign discovery.”

[snip]

With the redactions and public disclosures discussed above, it is no longer either “logical” or “plausible” to maintain that disclosure of the legal analysis in the OLC-DOD Memorandum risks disclosing any aspect of “military plans, intelligence activities, sources and methods, and foreign relations.” The release of the DOJ White Paper, discussing why the targeted killing of al-Awlaki would not violate several statutes, makes this clear. [redacted] in the OLC-DOD Memorandum adds nothing to the risk. Whatever protection the legal analysis might once have had has been lost by virtue of public statements of public officials at the highest levels and official disclosure of the DOJ White Paper.

Clearly, throughout its treatment of the Awlaki killing, the Obama Administration has attempted to be able to justify its killing of an American citizen publicly without bearing the risk of defending that justification legally.

And they almost got away with it. Until they got a little too loosey goosey with the selective leaks when they (someone) leaked the White Paper to Isikoff.

Ultimately, though, their selective leaking was the undoing of their selective leaking plan.

 

Spy vs. Spy, Theresa Shea vs. Theresa Shea

/6 Comments/in , /by

The government has submitted its response to ACLU’s appeal of its lawsuit challenging the Section 215 dragnet.

This passage, which reminded me of the old Mad Magazine Spy vs. Spy comic, made me pee my pants in laughter.

Various details of the program remain classified, precluding further explanation here of its scope, but the absence of those details cannot justify unsupported assumptions. For example, the record does not support the conclusion that the program collects “virtually all telephony metadata” about telephone calls made or received in the United States. SPA 32, quoted in Pl. Br. 12; see also, e.g., Pl. Br. 1-2, 23, 24, 25, 48, 58. Nor is that conclusion correct. See Supp. Decl. of Teresa H. Shea ¶ 7, First Unitarian Church of Los Angeles v. NSA, No. 4:13cv3287 (filed Feb. 21, 2014).3

3 The precise scope of the program is immaterial, however, because, as we explain, the government should prevail as a matter of law even if the scope of the program were as plaintiffs describe. [my emphasis]

Note that they’re citing a declaration from SIGINT Director Theresa Shea submitted in another case, the EFF challenge to the phone dragnet? They’re citing that Shea declaration rather than the one Shea submitted in this very case.

In her declaration submitted in this case in October, Shea said NSA collected all the call records from the providers subject to Section 215.

Pursuant to Section 215, the FBI obtains from the FISC directing certain telecommunications service providers to produce all business records created by them (known as call detail records) that contain information about communications between telephone numbers, generally relating to telephone calls made between the U.S. and a foreign country and calls made entirely within the U.S. (¶14) [my emphasis]

Not all providers. But for the providers in question, “all business records.”

Remember, ACLU is suing on their own behalf, and they are Verizon customers. We know Verizon is one of the providers in question, and Shea has told us that providers in question, of which Verizon is one, provide “all business records.”

Theresa Shea, in a declaration submitted in the suit in question: “All.”

Rather than citing the declaration submitted in this suit, the government instead cites a declaration Shea submitted all the way across the country in the EFF suit, one she submitted four months later, after both the ACLU and Judicial Watch suits had been decided at the District level.

Ostensibly written to describe the changes in scope the President rolled out in January, Shea submitted a new claim about the scope of the program in which she insisted that the program (ignoring, of course, that Section 215 is just a small part of the larger dragnet) does not collect “all.”

Although there has been speculation that the NSA, under this program, acquires metadata relating to all telephone calls to, from, or within the United States, that is not the case. The Government has acknowledged that the program is broad in scope and involves the collection and aggregation of a large volume of data from multiple telecommunications service providers, but as the FISC observed in a decision last year, it has never captured information on all (or virtually all) calls made and/or received in the U.S. See In re Application of the FBI for an Order Requiring the Production of Tangible Things from [Redacted], Dkt. No. BR13-109 Amended Mem. Op. at 4 n.5 (F.I.S.C. Aug. 29, 2013) (publicly released, unclassified version) (“The production of all call detail records of all persons in the States has never occurred under under this program.“) And while the Government has also acknowledged that one provider was the recipient of a now-expired April 23, 2013, Secondary Order from the FISC (Exhibit B to my earlier declaration), the identities of the carriers participating in the program(either now, or at any time in the past) otherwise remain classified. [my emphasis]

I explained in detail how dishonest a citation Theresa Shea’s newfound embrace of “not-all” is.

Here, she’s selectively citing the declassified August 29, 2013 version of Claire Eagan’s July 19, 2013 opinion. The latter date is significant, given that the day the government submitted the application tied to that order, NSA General Counsel Raj De made it clearthere were 3 providers in the program (see after 18:00 in the third video). These are understood to be AT&T, Sprint, and Verizon.

Shea selectively focuses on language that describes some limits on the dragnet. She could also note that Eagan’s opinion quoted language suggesting the dragnet (at least in 2011) collected “substantially all” of the phone records from the providers in question, but she doesn’t, perhaps because it would present problems for her “virtually all” claim.

Moreover, Shea’s reference to “production of all call detail records” appears to have a different meaning than she suggests it has when read in context. Here’s what the actual language of the opinion says.

Specifically, the government requested Orders from this Court to obtain certain business records of specified telephone service providers. Those telephone company business records consist of a very large volume of each company’s call detail records or telephony metadata, but expressly exclude the contents of any communication; the name, address, or financial information of any subscriber or customer; or any cell site location information (CSLI). Primary Ord. at 3 n.l.5

5 In the event that the government seeks the production of CSLI as part of the bulk production of call detail records in the future, the government would be required to provide notice and briefing to this Court pursuant to FISC Rule 11. The production of all call detail records of all persons in the United States has never occurred under this program. For example, the government [redacted][my emphasis]

In context, the reference discusses not just whether the records of all the calls from all US telecom providers (AT&T, Sprint, and Verizon, which participated in this program on the date Eagan wrote the opinion, but also T-Mobile and Cricket, plus VOIP providers like Microsoft, owner of Skype, which did not) are turned over, but also whether each provider that does participate (AT&T, Sprint, and Verizon) turns over all the records on each call. The passage makes clear they don’t do the latter; AT&T, Sprint, and Verizon don’t turn over financial data, name, or cell location, for example! And since we know that at the time Eagan wrote this opinion, there were just those 3 providers participating, clearly the records of providers that didn’t use the backbone of those 3 providers or, in the case of Skype, would be inaccessible, would be missed. So not all call detail records from the providers that do provide records, nor records covering all the people in the US. But still a “very large volume” from AT&T, Sprint, and Verizon, the providers that happen to be covered by the suit.

That is, in context, the “all call detail records of all persons in the United States has never occurred” claim meant that even for the providers obligated under the order in question — AT&T, Sprint, and Verizon — there were parts of the call records (like the financial information) they didn’t turn over, though they turned over records for all calls. That’s consistent with Eagan’s quotation of the “virtually all” records with respect to the providers in question.

But by citing it disingenuously, Shea utterly changes the meaning Eagan accorded it.

Theresa Shea, disingenuously citing a declaration submitted in another suit: “Not all.”

It’s like the hilarity of Mad Magazine’s old Spy vs. Spy comics. Only in this case, it pits top spy Theresa Shea against top spy Theresa Shea.

Judge Collyer’s Factually Erroneous Freelance Rubber Stamp for Killing American Citizens

/7 Comments/in , /by

As I noted on Friday, Judge Rosemary Collyer threw out the Bivens challenge to the drone killings of Anwar and Abdulrahman al-Awlaki and Samir Khan.

The decision was really odd: in an effort to preserve some hope that US citizens might have redress against being executed with no due process, she rejects the government’s claims that she has no authority to decide the propriety of the case. But then, by citing precedents rejecting Bivens suits, including one on torture in the DC Circuit and Padilla’s challenge in the Fourth, she creates special factors specifically tied to the fact that Awlaki was a horrible person, rather than that national security writ large gives the Executive unfettered power to execute at will, and then uses these special factors she invents on her own to reject the possibility an American could obtain any redress for unconstitutional executions. (See Steve Vladeck for an assessment of this ruling in the context of prior Bivens precedent.)

The whole thing lies atop something else: the government’s refusal to provide Collyer even as much information as they had provided John Bates in 2010 when Anwar al-Awlaki’s father had tried to pre-emptively sue before his son was drone-killed.

On December 26, Collyer ordered the government to provide classified information on how it decides to kill American citizens.

MINUTE ORDER requiring the United States, an interested party 19 , to lodge no later than January 24, 2014, classified declaration(s) with court security officers, in camera and ex parte, in order to provide to the Court information implicated by the allegations in this case and why its disclosure reasonably could be expected to harm national security…, include[ing] information needed to address whether or not, or under what circumstances, the United States may target a particular foreign terrorist organization and its senior leadership, the specific threat posed by… Anwar-al Aulaqi, and other matters that plaintiff[s have] put at issue, including any criteria governing the use of lethal force, updated to address the facts of this record.

Two weeks later, the government moved to reconsider, both on jurisdictional grounds and because, it said, Collyer didn’t need the information to dismiss the case.

Beyond the jurisdictional issue, the Court should vacate its Order because Defendants’ motion to dismiss, which raises the threshold defenses of the political question doctrine, special factors, and qualified immunity, remains pending. The information requested, besides being classified, is not germane to Defendants’ pending motion, which accepts Plaintiffs’ well-pled facts as true.

As part of their motion, however, the government admitted to supplementing the plaintiffs’ facts.

Defendants’ argument that decedents’ constitutional rights were not violated assumed the truth of Plaintiffs’ factual allegations, and supplemented those allegations only with judicially noticeable public information, the content of which Plaintiffs did not and do not dispute.

The plaintiffs even disputed that they didn’t dispute these claims, pointing out that they had introduced claims about:

  • AQAP’s status vis a vis al Qaeda
  • Whether the US is in an armed conflict with AQAP
  • The basis for Awlaki’s listing as a Special Designated Global Terrorist

Ultimately, even Collyer scolds the government for misstating the claims alleged in the complaint.

The United States argued that the factual information that the Court requested was not relevant to the Defendants’ special factors argument because special factors precluded Plaintiffs’ cause of action, given the context in which the claims, “as pled,” arose––that is, “the alleged firing of missiles by military and intelligence officers at enemies in a foreign country in the course of an armed conflict.” Mot. for Recons. & to Stay Order at ECF 10. The United States, however, mischaracterizes the Complaint. Read more

FISA Court Finally Discovers a Limit to the Word “Relevant”

/5 Comments/in /by

A few weeks back I laughed that, in a probable attempt to score political points against those challenging the phone dragnet by asking to retain the phone dragnet longer than 5 years, DOJ had shown a rather unusual concern for defendant’s rights.

Judge Reggie Walton has just denied DOJ’s motion. In doing so he has found limits to the word “relevant” that otherwise seem unheard of at the FISC in recent memory.

For its part, the government makes no attempt to explain why it believes the records that are subject to destruction are relevant to the civil cases. The government merely notes that “‘[r]elevant’ in this context means relevant for purposes of discovery, … including information that relates to the claims or defenses of any party, as well as information that is reasonably calculated to lead to the discovery of admissible evidence.” Motion at 6. Similarly, the government asserts that “[b]ased on the issues raised by Plaintiffs,” the information must be retained, but it fails to identify what those issues are and how the records might shed light on them. Id. at 7. Finally, the motion asserts, without any explanation, that “[b]ased on the claims raised and the relief sought, a more limited retention of the BR metadata is not possible as there is no way for the Government to know in advance and then segregate and retain only the BR metadata specifically relevant to the identified lawsuits.” Id. Of course, questions of relevance are ultimately matters for the courts entertaining the civil litigation to resolve. But the government now requests this Court to afford substantial weight to the purported interests of the civil litigants in retaining the BR metadata relative to the primary interests of the United States persons whose information the government seeks to retain. The government’s motion provides scant basis for doing so.

Shew. Given the way FISC has been defining the word “relevant” since 2004 to mean “virtually all,” I had thought the word had become utterly meaningless.

At least we know the word “relevant” has some limits at FISC, even if they’re unbelievably broad.

Mind you, I’m not sure whether FISC or the government is right in this case, as I do have concerns about the data from the troubled period during 2009 aging off.

But I will at least take some Friday afternoon amusement that the FISC just scolded the government about the word “relevant.”

NSA’s Data Retention Oddities

/1 Comment/in /by

NSA’s defenders are enjoying this one: WSJ says that NSA may temporarily have to expand the phone dragnet (it really means retain more data) because of all the lawsuits to end it.

A number of government lawyers involved in lawsuits over the NSA phone-records program believe federal-court rules on preserving evidence related to lawsuits require the agency to stop routinely destroying older phone records, according to people familiar with the discussions. As a result, the government would expand the database beyond its original intent, at least while the lawsuits are active.

No final decision has been made to preserve the data, officials said, and one official said that even if a decision is made to retain the information, it would be held only for the purpose of litigation and not be subject to searches.

There is actually a precedent for this. In 2009, as NSA was trying to clean up its alert list and other violations, it told the FISA Court it might not be able destroy all the alert notices because of ongoing litigation.

With respect to the alert process, after this compliance matter surfaced, NSA identified and eliminated analyst access to all alerts that were generated from the comparison of non-RAS approved identifiers against the incoming BR FISA material. The only individuals who retain continued access to this class of alerts are the Technical Director for NSA’s Homeland Security Analysis Center (“HSAC”) and two system developers assigned to HSAC. From a technical standpoint, NSA believes it could purge copies of any alerts that were generated from comparisons of the incoming BR FISA information against non-RAS approved identifiers on the alert list. However, the Agency, in consultation with DoJ, would need to determine whether such action would conflict with a data preservation Order the Agency has received in an ongoing litigation matter.

Though I can’t think of any follow-up confirming whether NSA believed this massive violation should or should not be retained in light of ongoing litigation.

As EFF’s Cindy Cohn notes in the WSJ article, if NSA should be retaining data, it should date back to when a judge first issued a preservation order.

Cindy Cohn, legal director at the Electronic Frontier Foundation, which also is suing over the program, said the government should save the phone records, as long as they aren’t still searchable under the program. “If they’re destroying evidence, that would be a crime,” she said.

Ms. Cohn also questioned why the government was only now considering this move, even though the EFF filed a lawsuit over NSA data collection in 2008.

In that case, a judge ordered evidence preserved related to claims brought by AT&Tcustomers. What the government is considering now is far broader.

Though when I saw reference to the litigation in the 2009 filing, I wondered whether it might be either the al-Haramain suit or one of the dragnet suits, potentially including EFF’s suit.

Here’s what confuses me about all this data retention business.

If the NSA is so cautious about retaining evidence in case of a potential crime, then why did it just blast away the 3,000 files of phone dragnet information they found stashed on a random server, which may or may not have been mingled in with STELLAR WIND data it found in 2012? Here’s how PCLOB describes the data and its destruction, which differs in some ways from the way NSA described it to itself internally.

In one incident, NSA technical personnel discovered a technical server with nearly 3,000 files containing call detail records that were more than five years old, but that had not been destroyed in accordance with the applicable retention rules. These files were among those used in connection with a migration of call detail records to a new system. Because a single file may contain more than one call detail record, and because the files were promptly destroyed by agency technical personnel, the NSA could not provide an estimate regarding the volume of calling records that were retained beyond the five-year limit.

According to the NSA, they didn’t know how or why or when the data ended up where it wasn’t supposed to be or even if it had really been retained past the age-off date.

Heck, those 3,000 files potentially mixed up with STELLAR WIND data seem like precisely the kind of thing EFF’s Jewel suit might need to access.

But it’s all gone!

One final detail. Here’s how WSJ says the system currently ages off data.

As the NSA program currently works, the database holds about five years of data, according to officials and some declassified court opinions. About twice a year, any call record more than five years old is purged from the system, officials said.

This is not how witnesses have consistently described the age-off system. It adds up to 6 months on the age-off, in what appears to be non-compliance with the unredacted parts of the phone dragnet orders.

Update: Adding one more thing. WSJ suggests NSA may have to keep the data because it might help some of the plaintiffs get standing. The only way that’s true is if NSA stopped getting Verizon cell data from Verizon starting in 2009.

For most of the plaintiffs, standing should be no problem They’re Verizon Business Service customers. But Larry Klayman is just a cell phone customer. A 5-year age off (ignoring the semi-annual purge detail) would mean they’d be getting rid of data collected in February 2009, just as NSA was working through the violations and before the May 29, 2009 order for Verizon to stop handing over its foreign data (also before Reggie Walton shut down Verizon production for a 3 month period later in 2009). I’m not sure I buy all that, but it is the only way standing might depend on data retention.