Posts

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Basaaly Moalin Wins His Appeal — But Gets Nothing

/9 Comments/in , /by

Basaaly Moalin is a Somali-American prosecuted for funding Al-Shabaab in 2010 who, years later, was used by FBI to justify the phone dragnet. After Edward Snowden revealed the Section 215 dragnet, the FBI pointed to his case, claiming they would not have found him were it not for the dragnet.

He just won an appeal of his case in the 9th Circuit, which found that the Section 215 dragnet may violate the Fourth Amendment. But it doesn’t do him any good, because the 9th Circuit panel determined that the government had been lying about how central the dragnet was in identifying him in the first place. The ruling is important, however, because it affirms that if the government is going to use evidence obtained from surveillance in court — or derived from surveillance — they need to notify the defendant.

The opinion argued that the Third Party doctrine probably doesn’t apply here, because current metadata collection obtains so much more than old-style pen registers.

There are strong reasons to doubt that Smith applies here.
Advances in technology since 1979 have enabled the
government to collect and analyze information about its
citizens on an unprecedented scale. Confronting these
changes, and recognizing that a “central aim” of the Fourth
Amendment was “to place obstacles in the way of a too
permeating police surveillance,” the Supreme Court recently
declined to “extend” the third-party doctrine to information
whose collection was enabled by new technology. Carpenter
v. United States, 138 S. Ct. 2206, 2214, 2217 (2018) (quoting
United States v. Di Re, 332 U.S. 581, 595 (1948)).

Carpenter did not apply the third-party doctrine to the
government’s acquisition of historical cell phone records
from the petitioner’s wireless carriers. The records revealed
the geographic areas in which the petitioner used his cell
phone over a period of time. Id. at 2220. Citing the “unique
nature of cell phone location information,” the Court
concluded in Carpenter that “the fact that the Government
obtained the information from a third party does not
overcome [the petitioner’s] claim to Fourth Amendment
protection,” because there is “a world of difference between
the limited types of personal information addressed in Smith
. . . and the exhaustive chronicle of location information
casually collected by wireless carriers today.” Id. at 2219–
20.

There is a similar gulf between the facts of Smith and the
NSA’s long-term collection of telephony metadata from
Moalin and millions of other Americans.

[snip]

The distinctions between Smith and this case are legion
and most probably constitutionally significant. To begin
with, the type of information recorded in Smith was
“limited” and of a less “revealing nature” than the telephony
metadata at issue here. Carpenter, 138 S. Ct. at 2219. The
pen register did not disclose the “identities” of the caller or
of the recipient of a call, “nor whether the call was even
completed.” Smith, 442 U.S. at 741 (quoting United States v.
New York Tel. Co., 434 U.S. 159, 167 (1977)). In contrast,
the metadata in this case included “comprehensive communications routing information, including but not limited to session identifying information (e.g., originating and terminating telephone number, International Mobile station Equipment Identity (IMEI) number, International Mobile Subscriber Identity (IMSI) number, etc.), trunk identifier, telephone calling card numbers, and time and duration of call.” In re Application II, 2013 WL 5741573, at *1 n.2. “IMSI and IMEI numbers are unique numbers associated with a particular telephone user or communications device.” Br. of Amici Curiae Brennan Center for Justice 11. “A ‘trunk identifier’ provides information about where a phone connected to the network, revealing data that can locate the parties within approximately a square kilometer.” Id. at 11–12.

Although the Smith Court perceived a significant distinction between the “contents” of a conversation and the phone number dialed, see 442 U.S. at 743, in recent years the distinction between content and metadata “has become increasingly untenable,” as Amici point out. Br. of Amici Curiae Brennan Center for Justice 6. The amount of metadata created and collected has increased exponentially, along with the government’s ability to analyze it. “Records that once would have revealed a few scattered tiles of information about a person now reveal an entire mosaic—a vibrant and constantly updating picture of the person’s life.” Klayman v. Obama, 957 F. Supp. 2d 1, 36 (D.D.C. 2013), vacated and remanded, 800 F.3d 559 (D.C. Cir. 2015). According to the NSA’s former general counsel Stewart Baker, “[m]etadata absolutely tells you everything about somebody’s life. . . . If you have enough metadata you don’t really need content . . . .” Laura K. Donohue, The Future of Foreign Intelligence 39 (2016). The information collected here was thus substantially more revealing than the telephone numbers recorded in Smith.

Importantly, it pointed to how much more revealing Moalin’s metadata was collected in conjunction with that of millions of other people (a point I made shortly after the District Court rejected Moalin’s original challenge).

Also problematic is the extremely large number of people from whom the NSA collected telephony metadata, enabling the data to be aggregated and analyzed in bulk. The government asserts that “the fact that the NSA program also involved call records relating to other people . . . is irrelevant because Fourth Amendment rights . . . cannot be raised vicariously.” Br. of United States 58. The government quotes the FISA Court, which reasoned similarly that “where one individual does not have a Fourth Amendment interest, grouping together a large number of similarly-situated individuals cannot result in a Fourth Amendment interest springing into existence ex nihilo.” In re Application II, 2013 WL 5741573, at *2. But these observations fail to recognize that the collection of millions of other people’s telephony metadata, and the ability to aggregate and analyze it, makes the collection of Moalin’s own metadata considerably more revealing.

After suggesting that Carpenter would apply to this dragnet, the panel then concluded that it doesn’t matter, because the dragnet wasn’t all that central to obtaining a warrant against Moalin.

Having carefully reviewed the classified FISA applications and all related classified information, we are convinced that under established Fourth Amendment standards, the metadata collection, even if unconstitutional, did not taint the evidence introduced by the government at trial. See Wong Sun v. United States, 371 U.S. 471, 488 (1963). To the extent the public statements of government officials created a contrary impression, that impression is inconsistent with the contents of the classified record

This will be a working thread.

What We Know about the Section 215 Phone Dragnet and Location Data

/in , /by

Last month’s squabble between Marco Rubio and Ted Cruz about USA Freedom Act led a number of USAF boosters to belatedly understand what I’ve been writing for years: that USAF expanded the universe of people whose records would be collected under the program, and would therefore expose more completely innocent people, along with more potential suspects, to the full analytical tradecraft of the NSA, indefinitely.

In an attempt to explain why that might be so, Julian Sanchez wrote this post, focusing on the limits on location data collection that restricted cell phone collection. Sanchez ignores two other likely factors — the probable inclusion of Internet phone calls and the ability to do certain kinds of connection chaining — that mark key new functionalities in the program which would have posed difficulties prior to USAF. But he also misses a lot of the public facts about location collection and cell phones under the Section 215 dragnet.  This post will lay those out.

The short version is this: the FISC appears to have imposed some limits on prospective cell location collection under Section 215 even as the phone dragnet moved over to it, and it was not until August 2011 that NSA started collecting cell phone records — stripped of location — from AT&T under Section 215 collection rules. The NSA was clearly getting “domestic” records from cell phones prior to that point, though it’s possible they weren’t coming from Section 215 data. Indeed, the only known “successes” of the phone dragnet — Basaaly Moalin and Adis Medunjanin — identified cell phones. It’s not clear whether those came from EO 12333, secondary database information that didn’t include location, or something else.

Here’s the more detailed explanation, along with a timeline of key dates:

There is significant circumstantial evidence that by February 17, 2006 — two months before the FISA Court approved the use of Section 215 of the PATRIOT Act to aspire to collect all Americans’ phone records — the FISA Court required briefing on the use of “hybrid” requests to get real-time location data from targets using a FISA Pen Register together with a Section 215 order. The move appears to have been a reaction to a series of magistrates’ rulings against a parallel practice in criminal cases. The briefing order came in advance of the 2006 PATRIOT Act reauthorization going into effect, which newly limited Section 215 requests to things that could be obtained with a grand jury subpoena. Because some courts had required more than a subpoena to obtain location, it appears, FISC reviewed the practice in the FISC — and, given the BR/PR numbers reported in IG Reports, ended, sometime before the end of 2006 though not immediately.

The FISC taking notice of criminal rulings and restricting FISC-authorized collection accordingly would be consistent with information provided in response to a January 2014 Ron Wyden query about what standards the FBI uses for obtaining location data under FISA. To get historic data (at least according to the letter), FBI used a 215 order at that point. But because some district courts (this was written in 2014, before some states and circuits had weighed in on prospective location collection, not to mention the 11th circuit ruling on historical location data under US v. Davis) require a warrant, “the FBI elects to seek prospective CSLI pursuant to a full content FISA order, thus matching the higher standard imposed in some U.S. districts.” In other words, as soon as some criminal courts started requiring a warrant, FISC apparently adopted that standard. If FISC continued to adopt criminal precedents, then at least after the first US v. Davis ruling, it would have and might still require a warrant (that is, an individualized FISA order) even for historical cell location data (though Davis did not apply to Stingrays).

FISC doesn’t always adopt the criminal court standard; at least until 2009 and by all appearances still, for example, FISC permits the collection, then minimization, of Post Cut Through Dialed Digits collected using FISA Pen Registers, whereas in the criminal context FBI does not collect PCTDD. But the FISC does take notice of, and respond to — even imposing a higher national security standard than what exists at some district levels — criminal court decisions. So the developments affecting location collection in magistrate, district, and circuit courts would be one limit on the government’s ability to collect location under FISA.

That wouldn’t necessarily prevent NSA from collecting cell records using a Section 215 order, at least until the Davis decision. After all, does that count as historic (a daily collection of records each day) or prospective (the approval to collect data going forward in 90 day approvals)? Plus, given the PCTDD and some other later FISA decisions, it’s possible FISC would have permitted the government to collect but minimize location data. But the decisions in criminal courts likely gave FISC pause, especially considering the magnitude of the production.

Then there’s the chaos of the program up to 2009.

At least between January 2008 and March 2009, and to some degree for the entire period preceding the 2009 clean-up of the phone and Internet dragnets, the NSA was applying EO 12333 standards to FISC-authorized metadata collection. In January 2008, NSA co-mingled 215 and EO 12333 data in either a repository or interface, and when the shit started hitting the fan the next year, analysts were instructed to distinguish the two authorities by date (which would have been useless to do). Not long after this data was co-mingled in 2008, FISC first approved IMEI and IMSI as identifiers for use in Section 215 chaining. In other words, any restrictions on cell collection in this period may have been meaningless, because NSA wasn’t heeding FISC’s restrictions on PATRIOT authorized collection, nor could it distinguish between the data it got under EO 12333 and Section 215.

Few people seem to get this point, but at least during 2008, and probably during the entire period leading up to 2009, there was no appreciable analytical border between where the EO 12333 phone dragnet ended and the Section 215 one began.

There’s no unredacted evidence (aside from the IMEI/IMSI permission) the NSA was collecting cell phone records under Section 215 before the 2009 process, though in 2009, both Sprint and Verizon (even AT&T, though to a much less significant level) had to separate out their entirely foreign collection from their domestic, meaning they were turning over data subject to EO 12333 and Section 215 together for years. That’s also roughly the point when NSA moved toward XML coding of data on intake, clearly identifying where and under what authority it obtained the data. Thus, it’s only from that point forward where (at least according to what we know) the data collected under Section 215 would clearly have adhered to any restrictions imposed on location.

In 2010, the NSA first started experimenting with smaller collections of records including location data at a time when Verizon Wireless was named on primary orders. And we have two separate documents describing what NSA considered its first collection of cell data under Section 215 on August 29, 2011. But it did so only after AT&T had stripped the location data from the records.

It appears Verizon never did the same (indeed, Verizon objected to any request to do so in testimony leading up to USAF’s passage). The telecoms used different methods of delivering call records under the program. In fact, in August 2, 2012, NSA’s IG described the orders as requiring telecoms to produce “certain call detail records (CDRs) or telephony metadata,” which may differentiate records that (which may just be AT&T) got processed before turning over. Also in 2009, part of Verizon ended its contract with the FBI to provide special compliance with NSLs. Both things may have affected Verizon’s ability or willingness to custom what it was delivering to NSA, as compared to AT&T.

All of which suggests that at least Verizon could not or chose not to do what AT&T did: strip location data from its call records. Section 215, before USAF, could only require providers to turn over records they kept, it could not require, as USAF may, provision of records under the form required by the government. Additionally, under Section 215, providers did not get compensated after the first two dragnet orders.

All that said, the dragnet has identified cell phones! In fact, the only known “successes” under Section 215 — the discovery of Basaaly Moalin’s T-Mobile cell phone and the discovery of Adis Medunjanin’s unknown, but believed to be Verizon, cell phone — did, and they are cell phones from companies that didn’t turn over records. In addition, there’s another case, cited in a 2009 Robert Mueller declaration preceding the Medunjanin discovery, that found a US-based cell phone.

There are several possible explanations for that. The first is that these phones were identified based off calls from landlines and/or off backbone records (so the phone number would be identified, but not the cell information). But note that, in the Moalin case, there are no known land lines involved in the presumed chain from Ayro to Moalin.

Another possibility — a very real possibility with some of these — is that the underlying records weren’t collected under Section 215 at all, but were instead collected under EO 12333 (though Moalin’s phone was identified before Michael Mukasey signed off on procedures permitting the chaining through US person records). That’s all the more likely given that all the known hits were collected before the point in 2009 when the FISC started requiring providers to separate out foreign (EO 12333) collection from domestic and international (Section 215) collection. In other words, the Section 215 phone dragnet may have been working swimmingly up until 2009 because NSA was breaking the rules, but as soon as it started abiding by the rules — and adhering to FISC’s increasingly strict limits on cell location data — it all of a sudden became virtually useless given the likelihood that potential terrorism targets would use exclusively cell and/or Internet calls just as they came to bypass telephony lines. Though as that happened, the permissions on tracking US persons via records collected under EO 12333, including doing location analysis, grew far more permissive.

In any case, at least in recent years, it’s clear that by giving notice and adjusting policy to match districts, the FISC and FBI made it very difficult to collect prospective location records under FISA, and therefore absent some means of forcing telecoms to strip their records before turning them over, to collect cell data.

Read more

The Section 215 Rap Sheet

/3 Comments/in /by

Marco Rubio, who is running for President as an authoritarian, claims that “There is not a single documented case of abuse of this program.”

He’s not alone. One after another defender of the dragnet make such claims. FBI witnesses who were asked specifically about abuses in 2011 claimed FBI did not know of any abuses (even though FBI Director Robert Mueller had had to justify FBI’s use of the program to get it turned back on after abuses discovered in 2009).

Comment — Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?

A — To the FBI’s knowledge, those authorities have not been abused.

Though Section 215 boosters tend to get sort of squishy on their vocabulary, changing language about whether this was illegal, unconstitutional, or abusive.

Here’s what we actually know about the abuses, illegality, and unconstitutionality of Section 215, both the phone dragnet program and Section 215 more generally.

Judges

First, here’s what judges have said about the program:

1) The phone dragnet has been reapproved around 41 times by at least 17 different FISC judges

The government points to this detail as justification for the program. It’s worth noting, however, that FISC didn’t get around to writing an opinion assessing the program legally until 10 judges and 34 orders in.  Since Snowden exposed the program, the FISC appears to have made a concerted effort to have new judges sign off on each new opinion.

2) Three Article III courts have upheld the program:

Judges William Pauley and Lynn Winmill upheld the constitutionality of the program (but did not asses the legality of it); though Pauley was reversed on statutory, not constitutional grounds. Judge Jeffrey Miller upheld the use of Section 215 evidence against Basaaly Moalin on constitutional grounds.

3) One Article III court — Judge Richard Leon in Klayman v. Obama — found the program unconstitutional.

4) The Second Circuit (along with PCLOB, including retired Circuit Court judge Patricia Wald, though they’re not a court), found the program not authorized by statute.

The latter decision, of course, is thus far the binding one. And the 2nd Circuit has suggested that if it has to consider the program on constitution grounds, it might well find it unconstitutional as well.

Statutory abuses

1) As DOJ’s IG confirmed yesterday, for most of the life of the phone dragnet (September 2006 through November 2013), the FBI flouted a mandate imposed by Congress in 2006 to adopt Section 215-specific minimization procedures that would give Americans additional protections under the provision (note–this affects all Section 215 programs, not just the phone dragnet). While, after a few years, FISC started imposing its own minimization procedures and reporting requirements (and rejected proposed minimization procedures in 2010), it nevertheless kept approving Section 215 orders.

In other words, in addition to being illegal (per the 2nd Circuit), the program also violated this part of the law for 7 years.

2) Along with all the violations of minimization procedures imposed by FISC discovered in 2009, the NSA admitted that it had been tracking roughly 3,000 presumed US persons against data collected under Section 215 without first certifying that they weren’t targeted on the basis of First Amendment protected activities, as required by the statute.

Between 24 May 2006 and 2 February 2009, NSA Homeland Mission Coordinators (HMCs) or their predecessors concluded that approximately 3,000 domestic telephone identifiers reported to Intelligence Community agencies satisfied the RAS standard and could be used as seed identifiers. However, at the time these domestic telephone identifiers were designated as RAS-approved, NSA’s OGC had not reviewed and approved their use as “seeds” as required by the Court’s Orders. NSA remedied this compliance incident by re-designating all such telephone identifiers as non RAS-approved for use as seed identifiers in early February 2009. NSA verified that although some of the 3,000 domestic identifiers generated alerts as a result of the Telephony Activity Detection Process discussed above, none of those alerts resulted in reports to Intelligence Community agencies.

NSA did not fix this problem by reviewing the basis for their targeting; instead, it simply moved these US person identifiers back onto the EO 12333 only list.

While we don’t have the background explanation, in the last year, FISC reiterated that the government must give First Amendment review before targeting people under Emergency Provisions. If so, that would reflect the second time where close FISC review led the government to admit it wasn’t doing proper First Amendment reviews, which may reflect a more systematic problem. That would not be surprising, since the government has already been chipping away at that First Amendment review via specific orders.

Minimization procedure abuses

1) The best known abuses of minimization procedures imposed by the FISC were disclosed to the FISC in 2009. The main item disclosed involved the fact that NSA had been abusing the term “archive” to create a pre-archive search against identifiers not approved for search. While NSA claimed this problem arose because no one person knew what the requirements were, in point of fact, NSA’s Inspector General warned that this alert function should be disclosed to FISC, and it was a function from the Stellar Wind program that NSA simply did not turn off when FISC set new requirements when it rubber-stamped the program.

But there were a slew of other violations of FISC-imposed minimization procedures disclosed at that time, almost all arising because NSA treated 215 data just like it treats EO 12333, in spite of FISC’s clear requirements that such data be treated with additional protections. That includes making query results available to CIA and FBI, the use of automatic search functions, and including querying on any “correlated” identifiers. These violations, in sum, are very instructive for the USA F-ReDux debate because NSA has never managed to turn these automated processes back on since, and one thing they presumably hope to gain out of moving data to the providers is to better automate the process.

2) A potentially far more egregious abuse of minimization procedures was discovered (and disclosed) in 2012, when NSA discovered that raw data NSA’s techs were using over 3,000 files of phone dragnet data on their technical server past the destruction date.

As of 16 February 2012, NSA determined that approximately 3,032 files containing call detail records potentially collected pursuant to prior BR Orders were retained on a server and been collected more than five years ago in violation of the 5-year retention period established for BR collection. Specifically, these files were retained on a server used by technical personnel working with the Business Records metadata to maintain documentation of provider feed data formats and performed background analysis to document why certain contact chaining rules were created. In addition to the BR work, this server also contains information related to the STELLARWIND program and files which do not appear to be related to either of these programs. NSA bases its determination that these files may be in violation of BR 11-191 because of the type of information contained in the files (i.e., call detail records), the access to the server by technical personnel who worked with the BR metadata, and the listed “creation date” for the files. It is possible that these files contain STELLARWIND data, despite the creation date. The STELLARWIND data could have been copied to this server, and that process could have changed the creation date to a timeframe that appears to indicate that they may contain BR metadata.

But rather than investigate this violation — rather than clarify how much data this entailed, whether it had been mingled with Stellar Wind data, whether any other violations had occurred — NSA destroyed the data.

In one incident, NSA technical personnel discovered a technical server with nearly 3,000 files containing call detail records that were more than five years old, but that had not been destroyed in accordance with the applicable retention rules. These files were among those used in connection with a migration of call detail records to a new system. Because a single file may contain more than one call detail record, and because the files were promptly destroyed by agency technical personnel, the NSA could not provide an estimate regarding the volume of calling records that were retained beyond the five-year limit. The technical server in question was not available to intelligence analysts.

From everything we’ve seen the tech and research functions are not audited, not even when they’re playing with raw data (which is, I guess, why SysAdmin Edward Snowden could walk away with so many records). So not only does this violation show that tech access to raw data falls outside of the compliance mechanisms laid out in minimization procedures (in part, with explicit permission), but that NSA doesn’t try very hard to track down very significant violations that happen.

Overall sloppiness

Finally, while sloppiness on applications is not a legal violation, it does raise concerns about production under the statute. The IG Report reviewed just six case files which used Section 215 orders. Although the section is heavily redacted, there are reasons to be significantly concerned about four of those.

  • An application made using expedited approval that made a material misstatement about where FBI obtained a tip about the content of a phone call. The FBI agent involved “is no longer with the FBI.” The target was prosecuted for unlawful disclosure of nuke information, but the Section 215 evidence was not introduced into trial and therefore he did not have an opportunity to challenge any illegal investigative methods.
  • A 2009 application involving significant minimization concerns and for which FBI rolled out a “investigative value” exception for access limits on Section 215 databases. This also may involve FBI’s secret definition of US person, which I suspect pertains to treating IP addresses as non-US persons until they know it is a US person (this is akin to what they do under 702 MPs). DOJ’s minimization report to FISC included inaccuracies not fixed until June 13, 2013.
  • A 2009 application for a preliminary investigation that obtained medical and education records from the target’s employer. FBI ultimately determined the target “had no nexus to terrorism,” though it appears FBI kept all information on the target (meaning he will have records at FBI for 30 years). The FBI’s minimization report included an error not fixed until June 13, 2013, after the IG pointed it out.
  • A cyber-investigation for which the case agent could not locate the original production, which he claims was never placed in the case file.

And that’s just what can be discerned from the unredacted bits.

Remember, too: the inaccuracies (as opposed to the material misstatement) were on minimization procedures. Which suggests FBI was either deceitful — or inattentive — to how it was complying with FISC-mandated minimization procedures designed to protect innocent Americans’ privacy.

And remember — all this is just Section 215. The legal violations under PRTT were far more egregious, and there are other known violations and misstatements to FISC on other programs.

This is a troubling program, one that several judges have found either unconstitutional or illegal.

 

The AP’s Recycled “We Don’t Need a Phone Dragnet” Story Lays the Groundwork for Swapping Section 215 for CISA

/3 Comments/in , , /by

The AP has a story that it calls an “Exclusive” and says “has not been reported before” reporting that the NSA considered killing the phone dragnet back before Edward Snowden disclosed it.

The National Security Agency considered abandoning its secret program to collect and store American calling records in the months before leaker Edward Snowden revealed the practice, current and former intelligence officials say, because some officials believed the costs outweighed the meager counterterrorism benefits.

After the leak and the collective surprise around the world, NSA leaders strongly defended the phone records program to Congress and the public, but without disclosing the internal debate.

The proposal to kill the program was circulating among top managers but had not yet reached the desk of Gen. Keith Alexander, then the NSA director, according to current and former intelligence officials who would not be quoted because the details are sensitive. Two former senior NSA officials say they doubt Alexander would have approved it.

Still, the behind-the-scenes NSA concerns, which have not been reported previously, could be relevant as Congress decides whether to renew or modify the phone records collection when the law authorizing it expires in June.

The story looks a lot like (though has mostly different dates) this AP story, published just after USA Freedom Act failed in the Senate in November.

Years before Edward Snowden sparked a public outcry with the disclosure that the National Security Agency had been secretly collecting American telephone records, some NSA executives voiced strong objections to the program, current and former intelligence officials say. The program exceeded the agency’s mandate to focus on foreign spying and would do little to stop terror plots, the executives argued.

The 2009 dissent, led by a senior NSA official and embraced by others at the agency, prompted the Obama administration to consider, but ultimately abandon, a plan to stop gathering the records.

The secret internal debate has not been previously reported. The Senate on Tuesday rejected an administration proposal that would have curbed the program and left the records in the hands of telephone companies rather than the government. That would be an arrangement similar to the one the administration quietly rejected in 2009.

The unquestioned claim that the program doesn’t get cell data — presented even as the Dzhokhar Tsarnaev case makes clear it does* — appears in both (indeed, this most recent version inaccurately references T-Mobile cell phone user Basaaly Moalin’s case — getting the monetary amounts wrong — without realizing that that case, too, disproves the cell claim).

Most importantly, however, both stories report these previous questions about the efficacy of the phone dragnet in the context of questions about whether the program will be reauthorized after June.

Perhaps the most telling detail, however, is that this new story inaccurately describes what happened to the Internet dragnet in 2011.

There was a precedent for ending collection cold turkey. Two years earlier, the NSA cited similar cost-benefit calculations when it stopped another secret program under which it was collecting Americans’ email metadata — information showing who was communicating with whom, but not the content of the messages. That decision was made public via the Snowden leaks.

The NSA in no way went “cold turkey” in 2011. Starting in 2009, just before it finally confessed to DOJ it had been violating collection rules for the life of the program, it rolled out the SPCMA program that allowed the government to do precisely the same thing, from precisely the same user interface, with any Internet data accessible through EO 12333. SPCMA was made available to all units within NSA in early 2011, well before NSA “went cold turkey.” And, at the same time, NSA moved some of its Internet dragnet to PRISM production, with the added benefit that it had few of the data sharing limits that the PRTT dragnet did.

That is, rather than going “cold turkey” the NSA moved the production under different authorities, which came with the added benefits of weaker FISC oversight, application for uses beyond counterterrorism, and far, far more permissive dissemination rules.

That AP’s sources claimed — and AP credulously reported — that this is about “cold turkey” is a pretty glaring hint that the NSA and FBI are preparing to do something very similar with the phone dragnet. As with the Internet dragnet, SPCMA permits phone chaining for any EO 12333 phone collection, under far looser rules. And under CISA, anyone who “voluntarily” wants to share this data (which always includes AT&T and likely includes other backbone providers) can share promiscuously and with greater secrecy (because it is protected by both Trade Secret and FOIA exemption). Some of this production, done under PRISM, would permit the government to get “connection” chaining information more easily than under a phone dragnet. And as with the Internet dragnet, any move of Section 215 production to CISA production evades existing FISC oversight.

A year ago, Keith Alexander testified that if they just had a classified data sharing program — like CISA — they could live without the dragnet. A year ago, basically, Alexander said he’d be willing to swap CISA for the phone dragnet.

Remarkably, these inaccurate AP stories always seem to serve that story, all while fostering a laughable myth that “ending the phone dragnet” would in any way end the practice of a phone dragnet.

*Update 3/30: My claim that the Marathon case proves they got cell call data relies only on FBI claims they were able to use the dragnet to good effect. I actually think that FBI used an AT&T specific dragnet — not the complete phone dragnet — to identify the brothers’ phones (while the government has offered conflicting testimony on this account, I’m fairly certain all of Dzhokhar’s phones and Tamerlan’s pre-paid phone discussed at Dzhokhar’s trial were T-Mobile phones). But if that’s the case, then FBI lied outright when making those earlier claims. I’m perfectly willing to believe that, but if that’s the now-operative story I’d love for someone to confirm it.

The 2009 Challenge to the Dragnet

/in /by

Ken Dilanian has a story about someone who looks a lot like Chris Inglis raising questions about the phone dragnet in 2009.

A now-retired NSA senior executive, who was a longtime code-breaker who rose to top management, had just learned in 2009 about the top secret program that was created shortly after the Sept. 11, 2001, attacks. He says he argued to then-NSA Director Keith Alexander that storing the calling records of nearly every American fundamentally changed the character of the agency, which is supposed to eavesdrop on foreigners, not Americans.

Alexander politely disagreed, the former official told The Associated Press.

The former official, who spoke only on condition of anonymity because he didn’t have permission to discuss a classified matter, said he knows of no evidence the program was used for anything other than hunting for terrorism plots in the U.S. But he said he and others made the case that the collection of American records in bulk crossed a line that had been sacrosanct.

He said he also warned of a scandal if it should be disclosed that the NSA was storing records of private calls by Americans – to psychiatrists, lovers and suicide hotlines, among other contacts.

While interesting, it’s the kind of story — and it is accompanied by enough obvious errors and general lack of awareness about the program — that it raises questions about the further backstory (as for the errors, the most obvious include badly misstating how many people access the data, misstating where Basaaly Moalin is from, and accepting the source’s claim it has only been used to hunt terrorist plots rather than informants).

How do you write an intelligent story about anything having to do with the dragnet in 2009 and not mention the other issues going on with the dragnet, the 9 month process during which the ultimate structure leftover from Stellar Wind was cleaned up?

Indeed, the buried lede of this story is that someone this senior in the NSA would just be discovering the program, 8 years after it started and 3 years after it got put under FISC review. That’s consistent with what we saw from dragnet data, mind you — one reason the program was so screwed up in 2009 was that NSA’s regular coders hadn’t been overseeing its integration, even while the program appears to have gotten integrated into ICREACH in 2008.

But especially given the evidence that tech people committed the worst known violation and had access to commit far more serious ones, this part of the story should be the news.

It also raises questions about two other things going on that year. It is true that DOJ delayed quite some time from when Dianne Feinstein and Kit Bond first asked for language to resume the reauthorization program. Then, once they did start the process, DiFi was up boasting about how this (and presumably the PRTT program) were the most important investigations going on. Whether the government was honest about what they told SSCI about the program, it’s fairly clear that’s where the legislative push to retain it came from.

Then there’s the question I already raised: the change in FBI’s interpretation of Basaaly Moalin’s donations to Al-Shabaab, which earlier in 2009 they viewed as an effort to fight back against (US-backed) Ethiopian invaders. That is, did Moalin get prosecuted solely so they could have a dragnet win to justify all the other things they’re doing with the data?

The Curious Timing of FBI’s Back Door Searches

/in /by

The very first thing I remarked on when I read the Yahoo FISCR opinion when it was first released in 2009 was this passage.

The petitioner’s concern with incidental collections is overblown. It is settled beyond peradventure that incidental collections occurring as a result of constitutionally permissible acquisitions do not render those acquisitions unlawful.9 See, e.g., United States v. Kahn, 415 U.S. 143, 157-58 (1974); United States v. Schwartz, 535 F.2d 160, 164 (2d Cir. 1976). The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary. On these facts, incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment.(26 in original release; 30 in current release)

The government claimed to FISCR that it did not maintain a database of incidentally collected information from non-targeted US persons.

Barring some kind of neat parse, I didn’t buy the claim, not even in 2009.

Since then, we’ve found out that — barring some kind of neat parse — I was absolutely right. In fact, they are doing back door searches on this data, especially at FBI.

What I’m particularly intrigued by, now, is the timing.

FISCR said that in an opinion dated August 22, 2008 — over a month after the July 10, 2008 passage of the FISA Amendments Act. I have not yet found evidence of when the government said that to FISCR. It doesn’t appear in the unredacted part of their Jun 5, 2008 Merits brief (which cites Kahn but not Schwartz; see 49-50), though it might appear behind the redaction on 41. Of note, the April 25, 2008 FISC opinion doesn’t even mention the issue in its incidental collection discussion (starting at 95), though it does discuss amended certifications filed in February 2008.

So I’m guessing the government made that representation at the hearing in June, 2008.

We know, from John Bates’ rationale for authorizing NSA and CIA back door searches, such back door searches were first added to FBI minimization procedures in 2008.

When Bates approved back door searches in his October 3, 2011 opinion, he pointed to FBI’s earlier (and broader) authorities to justify approving it for NSA and CIA. While the mention of FBI is redacted here, at that point it was the only other agency whose minimization procedures had to be approved by FISC, and FBI is the agency that applies for traditional FISA warrants.

[redacted] contain an analogous provision allowing queries of unminimized FISA-acquired information using identifiers — including United States-person identifiers — when such queries are designed to yield foreign intelligence information. See [redacted]. In granting [redacted] applications for electronic surveillance or physical search since 2008, including applications targeting United States persons and persons in the United States, the Court has found that the [redacted] meet the definitions of minimization procedures at 50 U.S.C. §§ 1801(h) and 1821(4). It follows that the substantially-similar querying provision found at Section 3(b)(5) of the amended NSA minimization procedures should not be problematic in a collection that is focused on non-United States persons located outside the United States and that, in aggregate, is less likely to result in the acquisition of nonpublic information regarding non-consenting United States persons.

So since 2008, FBI has had the ability to do back door searches on all the FISA-authorized data they get, including taps targeting US persons.

The FBI Minimization procedures submitted with the case all date to the 1990s, though a 2006 amendment changing how they logged the identities of US persons collected (note, in 2011, John Bates was bitching at FBI for having ignored an order to reissue all its minimization procedures with updates; I can see why he complained).

As described in the Government’s response of June 16, 2006, identities of U.S. persons that have not been logged are often maintained in FBI databases that contain unminimized information. The procedures now simply refer to “the identities” of U.S. persons, acknowledging that the FBI may not have previously logged such identities.

But there’s reason to believe the FBI minimization procedures — and this logging process — was changed in 2008, because a government document submitted in the Basaaly Moalin case — we know Moalin was wiretapped from December 2007 to April 2008, so during precisely the period of the Yahoo challenge, though he was not indicted until much later — referenced two sets of minimization procedures, seeming to reflect a change in minimization during the period of his surveillance (or perhaps during the period of surveillance of Aden Ayro, which is how Moalin is believed to have been identified).

That is, it all seems to have been happening in 2008.

The most charitable guess would be that explicit authorization for back door searches happened with the FAA, so before the FISCR ruling, but after the briefing.

Except in a letter to Russ Feingold during early debates  on the FAA, Mike Mukasey and Mike McConnell (the latter of whom was involved in this Yahoo fight) strongly shot down a Feingold amendment that would have required the government to segregate all communications not related to terrorism (and a few other things), and requiring a FISA warrant to access them.

The Mukasey-McConnell attack on segregation is most telling. They complain that the amendment makes a distinction between different kinds of foreign intelligence (one exception to the segregation requirement in the amendment is for “concerns international terrorist activities directed against the United States, or activities in preparation therefor”), even while they claim it would “diminish our ability swiftly to monitor a communication from a foreign terrorist overseas to a person in the United States.” In other words, the complain that one of the only exceptions is for communications relating terrorism, but then say this will prevent them from getting communications pertaining to terrorism.

Then it launches into a tirade that lacks any specifics:

It would have a devastating impact on foreign intelligence surveillance operations; it is unsound as a matter of policy; its provisions would be inordinately difficult to implement; and thus it is unacceptable.

As Feingold already pointed out, the government has segregated the information they collected under PAA–they’re already doing this. But to justify keeping US person information lumped in with foreign person information, they offer no affirmative reason to do so, but only say it’s too difficult and so they refuse to do it.

Even 5 years ago, the language about the “devastating impact” segregating non-terrorism data might have strongly suggested the entire point of this collection was to provide for back door searches.

But that letter was dated February 5, 2008, before the FISCR challenge had even begun. While not definitive, this seems to strongly suggest, at least, that the government planned — even if it hadn’t amended the FBI minimization procedures yet — to retain a database of incidentally data to search on, before the government told FISCR they did not.

Update: I forgot a very important detail. In a hearing this year, Ron Wyden revealed that NSA’s authority to do back door searches had been closed some time during the Bush Administration, before it was reopened by John “Bates stamp” Bates.

Let me start by talking about the fact that the House bill does not ban warrantless searches for Americans’ emails. And here, particularly, I want to get into this with you, Mr. Ledgett if I might. We’re talking of course about the backdoor search loophole, section 702 of the FISA statute. This allows NSA in effect to look through this giant pile of communications that are collected under 702 and deliberately conduct warrantless searches for the communications of individual Americans.  This loophole was closed during the Bush Administration, but it was reopened in 2011, and a few months ago the Director of National Intelligence acknowledged in a letter to me that the searches are ongoing today. [my emphasis]

When I noted that Wyden had said this, I guessed that the government had shut down back door searches in the transition from PAA to FAA, but that seems less likely, having begun to review these Yahoo documents, then that it got shut down in response to the hospital confrontation.

But it shows that more extensive back door searches had been in place before the government implied to the FISCR that they weren’t doing back door searches that they clearly were at least contemplating at that point. I’d really like to understand how the government believes they didn’t lie to the FISCR in that comment (though it wouldn’t be the last time they lied to courts about their databases of Americans).

Garr King’s Mohamud Decision: Classifying the Unclassified Details of Section 215

/2 Comments/in /by

There are a lot of appalling things Garr King did in his opinion denying Mohamed Osman Mohamud any of a number of remedies for the government not having revealed he was caught using Section 702.

King gives far too much credence to the government’s farcical claims about why they didn’t disclose the 702 surveillance back when they disclosed the traditional FISA surveillance.  I think King’s portrayal of the FISA Court contradicts itself — and the public record — from paragraph to paragraph (see the last paragraph on 18 and the first on 19, especially). The Third Party argument used for content (see page 40) is pretty crazy, and the minimization procedures discussion (page 41) is ripe for challenge under Chief Justice John Roberts’ insistence that “protocols” are not the protection from General Warrants our Founders fought a Revolution for (and even King seems unpersuaded by the Government’s arguments about back door searches on page 43).

But King’s craziest move is to hide his argument for rejecting Mohamud’s challenge to Section 215 collection.

Defendant raises concerns about the collection of telephone metadata under § 215 of the Patriot Act, codified at 50 U.S.C. § 1861, and any other still-secret warrantless surveillance programs. He assumes there is a strong possibility that his telephone metadata has been collected, and he asks the court to address the lawfulness of these programs, conclude they violate the First and Fourth Amendments, and suppress all fruits of these other surveillance activities.

I deny defendant’s arguments concerning § 215 for the reasons stated in the classified opinion.

It seems to me the proper responses to this question should have been a standing argument (he has no proof he was surveilled, even though we all were) or an unclassified discussion, as Jeffery Miller managed in the Basaaly Moalin case. But to put this discussion of a program that the government claims it has substantially declassified in a classified opinion seems to confirm 215 was used, but deprives Mohamud of challenging the new details about its use the government likely provided.

I suspect it is likely that the government has used Moalin’s call records just like James Clapper admitted they do from the start, as a kind of index to find the content of interest. If I’m right, King’s discussion of it would pertain directly to his wobbly support for back door searches. And it would show just how outrageous the phone dragnet is — because it basically amounts to content “collection” without a warrant (which brings us back to King’s crazypants treatment of content as if it fell under the Third Party doctrine).

We have now had at least 4 cases assessing the constitutionality of the phone dragnet decided in largely unclassified fashion, including another criminal defendant.

And yet the first defendant who might challenge the way Section 215 is likely yoked to Section 702 somehow loses the right to have an adversarial discussion about it.

That seems to betray just how damaging such a discussion might be to the government’s claims.

The Verizon Publicity Stunt, Mosaic Theory, and Collective Fourth Amendment Rights

/19 Comments/in , /by

On Friday, I Con the Record revealed that a telecom — Ellen Nakashima confirms it was Verizon — asked the FISA Court to make sure its January 3 order authorizing the phone dragnet had considered Judge Richard Leon’s December 16 decision that it was unconstitutional. On March 20, Judge Rosemary Collyer issued an opinion upholding the program.

Rosemary Collyer’s plea for help

Ultimately, in an opinion that is less shitty than FISC’s previous attempts to make this argument, Collyer examines the US v. Jones decision at length and holds that Smith v. Maryland remains controlling, mostly because no majority has overturned it and SCOTUS has provided no real guidance as to how one might do so. (Her analysis raises some of the nuances I laid out here.)

The section of her opinion rejecting the “mosaic theory” that argues the cumulative effect of otherwise legal surveillance may constitute a search almost reads like a cry for help, for guidance in the face of the obvious fact that the dragnet is excessive and the precedent that says it remains legal.

A threshold question is which standard should govern; as discussed above, the court of appeals’ decision in Maynard and two concurrences in Jones suggest three different standards. See Kerr, “The Mosaic Theory of the Fourth Amendment,” 111 Mich. L. Rev. at 329. Another question is how to group Government actions in assessing whether the aggregate conduct constitutes a search.See id. For example, “[w]hich surveillance methods prompt a mosaic approach? Should courts group across surveillance methods? If so, how? Id. Still another question is how to analyze the reasonableness of mosaic searches, which “do not fit an obvious doctrinal box for determining reasonableness.” Id. Courts adopting a mosaic theory would also have to determine whether, and to what extent, the exclusionary rule applies: Does it “extend over all the mosaic or only the surveillance that crossed the line to trigger a search?”

[snip]

Any such overhaul of Fourth Amendment law is for the Supreme Court, rather than this Court, to initiate. While the concurring opinions in Jones may signal that some or even most of the Justices are ready to revisit certain settled Fourth Amendment principles, the decision in Jones itself breaks no new ground concerning the third-party disclosure doctrine generally or Smith specifically. The concurring opinions notwithstanding, Jones simply cannot be read as inviting the lower courts to rewrite Fourth Amendment law in this area.

As I read these passages, I imagined that Collyer was trying to do more than 1) point to how many problems overruling the dragnet would cause and 2) uphold the dignity of the rubber stamp FISC and its 36+ previous decisions the phone dragnet is legal.

There is reason to believe she knows what we don’t, at least not officially: that even within the scope of the phone dragnet, the dragnet is part of more comprehensive mosaic surveillance, because it correlates across platforms and identities. And all that’s before you consider how, once dumped into the corporate store and exposed to NSA’s “full range of analytic tradecraft,” innocent Americans might be fingerprinted to include our lifestyles.

That is, not only doesn’t Collyer see a way (because of legal boundary concerns about the dragnet generally, and possibly because of institutional concerns about FISC) to rule the dragnet illegal, but I suspect she sees the reverberations that such a ruling would have on the NSA’s larger project, which very much is about building mosaics of intelligence.

No wonder the government is keeping that August 20, 2008 opinion secret, if it indeed discusses the correlations function in the dragnet, because it may well affect whether the dragnet gets assessed as part of the mosaic NSA uses it as.

Verizon’s flaccid but public legal complaint

Now, you might think such language in Collyer’s opinion would invite Verizon to appeal this decision. But given this lukewarm effort, it seems unlikely to do so. Consider the following details:

Leon issued his decision December 16. Verizon did not ask the FISC for guidance (which makes sense because they are only permitted to challenge orders).

Verizon got a new Secondary Order after the January 3 reauthorization. It did not immediately challenge the order.

It only got around to doing so on January 22 (interestingly, a few days after ODNI exposed Verizon’s role in the phone dragnet a second time), and didn’t do several things — like asking for a hearing or challenging the legality of the dragnet under 50 USC 1861 as applied — that might reflect real concern about anything but the public appearance of legality. (Note, that timing is of particular interest, given that the very next day, on January 23, PCLOB would issue its report finding the dragnet did not adhere to Section 215 generally.)

Indeed, this challenge might not have generated a separate opinion if the government weren’t so boneheaded about secrecy.

Verizon’s petition is less a challenge of the program than an inquiry whether the FISC has considered Leon’s opinion.

It may well be the case that this Court, in issuing the January 3,2014 production order, has already considered and rejected the analysis contained in the Memorandum Order. [redacted] has not been provided with the Court’s underlying legal analysis, however, nor [redacted] been allowed access to such analysis previously, and the order [redacted] does not refer to any consideration given to Judge Leon’s Memorandum Opinion. In light of Judge Leon’s Opinion, it is appropriate [redacted] inquire directly of the Court into the legal basis for the January 3, 2014 production order,

As it turns out, Judge Thomas Hogan (who will take over the thankless presiding judge position from Reggie Walton next month) did consider Leon’s opinion in his January 3 order, as he noted in a footnote.

Screen Shot 2014-04-28 at 10.49.42 AM

And that’s about all the government said in its response to the petition (see paragraph 3): that Hogan considered it so the FISC should just affirm it.

Verizon didn’t know that Hogan had considered the opinion, of course, because it never gets Primary Orders (as it makes clear in its petition) and so is not permitted to know the legal logic behind the dragnet unless it asks nicely, which is all this amounted to at first.

Note that the government issued its response (as set by Collyer’s scheduling order) on February 12, the same day it released Hogan’s order and its own successful motion to amend it. So ultimately this headache arose, in part, because of the secrecy with which it treats even its most important corporate spying partners, which only learn about these legal arguments on the same schedule as the rest of us peons.

Yet in spite of the government’s effort to dismiss the issue by referencing Hogan’s footnote, Collyer said because Verizon submitted a petition, “the undersigned Judge must consider the issue anew.” Whether or not she was really required to or could have just pointed to the footnote that had been made public, I don’t know. But that is how we got this new opinion.

Finally, note that Collyer made the decision to unseal this opinion on her own. Just as interesting, while neither side objected to doing so, Verizon specifically suggested the opinion could be released with no redactions, meaning its name would appear unredacted.

The government contends that certain information in these Court records (most notably, Petitioner’s identity as the recipient of the challenged production order) is classified and should remain redacted in versions of the documents that are released to the public. See Gov’t Mem. at 1. Petitioner, on the other hand, “request[s] no redactions should the Court decide to unseal and publish the specified documents.” Pet. Mem. at 5. Petitioner states that its petition “is based entirely on an assessment of [its] own equities” and not on “the potential national security effects of publication,” which it “is in no position to evaluate.” Id.

I’ll return to this. But understand that Verizon wanted this opinion — as well as its own request for it — public.

Read more

Yet More Cell Phones IDed in Program that Purportedly Doesn’t Get Cell Phones

/5 Comments/in /by

For another purpose, I’m reviewing Robert Mueller’s declaration in support of the government’s report to the FISA Court in 2009, attempting to get full phone dragnet privileges turned back on. (starting on PDF 91)

As part of it, Mueller provides narratives about 4 FBI investigations that became full investigations as a result of phone dragnet data.

One of those (the first, starting on PDF 102) is Basaaly Moalin. As I’ve already noted, that involved the connection of at least one and almost certainly two T-Mobile cell phone users to a phone used by Somali warlord Aden Ayro.

While the declaration’s redaction on this point is inconsistent, it does confirm cell phones were involved in the chain between Ayro and Moalin (and may suggest Moalin was identified on a 3rd degree connection, not 2nd as court documents had seemed to imply).

Screen shot 2014-04-20 at 10.13.08 AM

 

But the description of another case, ultimately involving a selector who got killed off, involved another cell phone.

 

Screen shot 2014-04-20 at 10.01.42 AM

 

Of course, in this case, the newly identified cell phone could be an AT&T cell, and there seems to be no claim that those aren’t collected under the phone dragnet.

Altogether, unredacted sections of Mueller’s narrative mention cell phones 6 times, and a number of the redactions appear likely to hide others. A number of those, mind you, are probably foreign cells, which were likely collected under EO 12333. But given that 12333 data was mixed with (and, indeed, indistinguishable from to the NSA at that point) Section 215 data, claims the database couldn’t accept cell data seem clearly wrong.

Still, given all the credulous claims that the phone dragnet has not been collecting cell data, it seems rather relevant that FBI’s own discussions of the phone dragnet successes involve so many cell phones.

The Government Tries to Quickly Force Feed Its Dog Its Phone Dragnet Homework

/6 Comments/in /by

I have been following the government’s claims that it needs to make the phone dragnet plaintiffs look bad preserve evidence in the phone dragnet cases. I noted:

  1. NSA’s claim, on February 20, that it might need to preserve the phone dragnet information
  2. EFF Legal Director Cindy Cohn’s observation that NSA already should have been preserving phone dragnet data because of earlier orders in EFF cases
  3. NSA’s own claim, in 2009, that it was under a preservation order that might prevent it from destroying illegal alert information
  4. NSA’s own quickness to destroy 3,000 violative files in 2012 when caught retaining data in ways it shouldn’t have been
  5. NSA’s rather bizarre claim — given their abysmal track record on this point — that a great concern about defendants’ rights meant they had to keep the data
  6. The likelihood that, that claim of concern about defendants’ rights notwithstanding, NSA had probably already destroyed highly relevant data pertaining to Basaaly Moalin
  7. FISC’s equally bizarre — given their own destruction of any normal meaning of the word, “relevant” — order to force the government to continue destroying the dragnet data

That last bit — FISC’s order that the government go on destroying data in spite of existing protection orders to retain it — happened Friday.

Since Friday, the EFF has been busy.

First, it filed a motion for a Temporary Restraining Order to retain the records, pointing out that there have been two preservation order in effect for at least 5 years that should govern the phone dragnet.

There has been litigation challenging the lawfulness of the government’s telephone metadata collection activity, Internet metadata collection activity, and upstream collection activity pending in the Northern District of California continuously since 2006. The government has been under evidence preservation orders in those lawsuits continuously since 2007.

The first-filed case was Hepting v. AT&T, No. 06-cv-0672 (N.D. Cal). It became the lead case in the MDL proceeding in this district, In Re: National Security Agency Telecommunications Records Litigation, MDL No. 06-cv-1791-VRW (N.D. Cal). On November 6, 2007, this Court entered an evidence preservation order in the MDL proceeding. ECF No. 393 in MDL No. 06-cv- 1791-VRW. One of the MDL cases, Virginia Shubert, et al., v. Barack Obama, et al. No. 07-cv- 0603-JSW (N.D. Cal.), remains in litigation today before this Court, and the MDL preservation order remains in effect today as to that case.

In 2008, movants filed this action—Jewel v. NSA—and this Court related it to the Hepting action. This Court entered an evidence preservation order in Jewel. ECF No. 51. The Jewel evidence preservation order remains in effect as of today.

EFF also filed a similar motion with the FISA Court.

And it provided all the emailed reminders it sent the government, starting on February 26 after the government filed a motion with FISC to destroy the data, that it was already under a preservation order. On February 28, DOJ asked EFF to hold off until roughly March 5. But DOJ did nothing at that time, and EFF followed up again on March 7, after the order, asking how it was that the FISC didn’t know that existing preservation orders covered the phone dragnet. In response, DOJ’s Marcia (Marcy) Berman got dragged back into the case to give this convincing response.

[T]he Government’s motion fo the FISC, and the FISC’s decision today [March 7], addressed the recent litigation challenging the FISC-authorized telephony metadata collection under Section 215-litigation as to which there are no preservation orders. As we indicated last week, the Government’s motion did not address the pending Jewel (and Shubert) litigation because the district court had previously entered preservation orders applicable to those cases. As we also indicated, since the entry of those orders the Government has complied with our preservation obligations in those cases. At the time the preservation issue was first litigated in the MDL proceedings in 2007, the Government submitted a classified ex parte, in camera declaration addressing in detail the steps taken to meet our preservation obligations. Because the activities undertaken in connection with the President’s Surveillance Program (PSP) were not declassified until December 2013, we were not able to consult with you previously about the specific preservation steps that have been taken with respect to the Jewel litigation. However, the Government described for the district court in 2007 how it was meeting its preservation obligations, including with respect to the information concerning the PSP activities declassified last December. We have been working with our clients to prepare an unclassified summary of the preservation steps described to the court in 2007 so that we can address your questions in an orderly fashion with Judge White, if you continue to believe that is necessary.

After San Francisco Judge Jeffrey White ordered the government to explain itself, the government changed the timeline, suppressing the fact that they told EFF to hold off on making any filings. It also said it would just have to keep destroying data.

Therefore, in light of the FISC’s March 7 order, the Government currently remains subject to orders of the FISC—the Article II Court established by Congress with authority to issue orders pursuant to FISA and to impose specific minimization requirements—which orders require the destruction of call-details records collected by the NSA pursuant to Section 215 that are more than five years old.

In light of the obligations created by those orders, on March 7, 2014, upon receipt of the FISC’s decision, the Government filed a notice in First Unitarian and other cases challenging the legality of the Section 215 telephony metadata program of the Government’s intention, as of the morning of Tuesday, March 11, 2014, to comply with applicable FISC orders requiring the destruction of call-detail records at this time, absent a court order to the contrary.

Judge White was not impressed — he issued an order requiring the government to retain the data.

There are two things, even at first glance, that don’t make sense about all this.

First, there’s still one case that hasn’t been officially mentioned in any court discussion of retaining data I know of: Basaaly Moalin’s challenge to his dragnet identification, based off 2007 data that has probably already been destroyed but which almost certainly would reflect the many violations characteristic of the program at the time.

Then there’s the likelihood that one or both of the EFF cases was the case mentioned on February 17, 2009 — just over the 5 year age-off period at this point — regarding age-off requirements. If it was relevant then, why isn’t it now? Note, Reggie Walton is still presiding over the same decisions, so if that earlier case were an EFF one, Walton should know about it.

I would normally think this charade was just two sides lobbying for good press. Except that the phone dragnet data from just over 5 years ago — the stuff that would age off if the government followed FISC’s order — would show a great deal of violations, almost certainly constitutionally so.

So who is the entity in such a rush to destroy that data? DOJ? Or the FISC?