
NSA’s Single Section 215 Success Would Probably Be Impossible If NSA’s Latest Claims Were True

It looks increasingly like the sole Section 215 success the FBI has had would be impossible under the claims about limits to dragnet collection NSA leaked last week.

Last week, four journalists reported that the NSA doesn’t collect cell phone data in its phone dragnet program (they presumably meant, but did not specify, just the Section 215-authorized phone dragnet, which is just a small part of the phone dragnet). (WSJ, WaPo, LAT, NYT) As a result — these reporters claimed — as more and more Americans rely on cell phones, the NSA’s phone dragnet has come to cover just 20 to 30% of the phone data in the US.

As I noted, the claim was particularly curious given that all the major examples in which the NSA has used the phone dragnet involved cell phone users.

Still, even in those cases, it was possible that NSA got the phone records via interim hops. That is, if a land line user whose calls were picked up in the dragnet called two cell phones, those numbers would be identified, though their calls to other cell users would not (again, this is if these recent claims are correct).

All that said, the sole case where the dragnet found someone with ties to terrorism they otherwise would not have identified, San Diego taxi driver Basaaly Moalin, increasingly looks to have been impossible under the terms now claimed by NSA leakers.

That’s because Moalin and his known US-based interlocutor through whom the government says he communicated with Somali warlord Aden Ayro, hawala operator Mohamed Ahmed, both used cell phones, both from T-Mobile, according to Moalin’s attorney Joshua Dratel. The government has said it identified Moalin on at least the second hop. If that interim hop was Ahmed, Ahmed’s calls to Moalin would not have been collected, if the NSA’s current claims are true.

Assuming Ahmed was that interim hop, then, the dragnet could not have identified Moalin, at least not under the limits currently claimed by the NSA and the public claims made about the investigation into Moalin.

There are several possible explanations for why the phone dragnet did find him.

First, it’s possible the claims are entirely false, and that the NSA includes T-Mobile in its Section 215 collection. I think that’s unlikely; for a variety of reasons I believe just 3 providers — AT&T, Verizon, and Sprint — get Secondary Orders under the phone dragnet.

It’s possible that an earlier WSJ story (cited by several of these reporters) correctly described how T-Mobile data gets included in the dragnet: via the backbone provider of the networks T-Mobile uses (which, if claims Verizon doesn’t provide cell data are true, would mean AT&T provided it).

The National Security Agency’s controversial data program, which seeks to stockpile records on all calls made in the U.S., doesn’t collect information directly from T-Mobile USA and Verizon Wireless, in part because of their foreign ownership ties, people familiar with the matter said.

The blind spot for U.S. intelligence is relatively small, according to a U.S. official. Officials believe they can still capture information, or metadata, on 99% of U.S. phone traffic because nearly all calls eventually travel over networks owned by U.S. companies that work with the NSA.

[snip]

When a T-Mobile or Verizon Wireless call is made, it often must travel over one of these networks, requiring the carrier to pay the cable owner. The information related to that transaction—such as the phone numbers involved and length of call—is recorded and can then be passed to the NSA through its existing relationships. Additionally, T-Mobile relies on other wireless companies to fill holes in its infrastructure. That shared equipment could allow the government to collect the data.

If that’s the case, however, it means the only way the current claims about the Section 215 dragnet are true is if this collection happens offshore, counting as EO 12333 collection. Which would further mean that even with 20% coverage from domestic production, the NSA still gets most calls in the US.

Finally, it’s possible the dragnet identified Moalin via collection entirely collected overseas. Which would mean the claims he was identified under Section 215 — made repeatedly to Congress (though not, curiously, in declarations in the lawsuits against the dragnet) — would be false. It would also mean his prosecution was based on the foreign collection of US person data under no more than an Executive Order.

Here’s the remarkable thing about those two last possibilities. At least as late as March 2009, the NSA could not distinguish the data source for its dragnet query results. A query result from October 2007, when Moalin was first identified, might not distinguish between EO 12333 and Section 215 in the results — though at least according to FISC orders, the Section 215 data may not have gotten mixed in with the EO 12333 data yet. (By 2011, results came back tagged with XML tags to identify not only what authority the data was collected under, but which SIGAD collection point it had been collected from, though some data points get collected under more than one authority and collection point.)  That means, unless NSA knows for a fact how it collected T-Mobile data back in 2007, it may not know how it found Moalin. And if it found Moalin off an EO 12333 search, NSA would not have needed even Reasonable Articulable Suspicion to search for connections. It is possible that if NSA initiated the search on any Somali but Aden Ayro (Ayro had ties with Al Qaeda beyond just his al-Shabaab membership and therefore would meet RAS guidelines), they would not have had Reasonable Articulable Suspicion that the identifier had ties to Al Qaeda.

In any case, as I laid out, there are a number of ready explanations for how the dragnet identified Moalin even though he and one likely intermediary were using phones purportedly not collected under the dragnet. But those explanations either mean the recent claims about the extent of the dragnet collection are false, or there are many more questions about how Moalin got targeted.

NSA’s Latest Claim: It Only Gets 30% of “Substantially All” the Hay in the Haystack

In December 2007, the FBI began intercepting MOALIN’s cell phone.

FBI search warrant affidavit seeking (among other things) additional cell phones, October 29, 2010

Yesterday, Siobhan Gorman reported that NSA’s “phone-data program” collects 20% or less of the phone data in the US. She explains that the program doesn’t collect cell phone data, and so has covered a decreasing percentage of US calls over the last several years.

The National Security Agency’s phone-data program, which has been at the center of controversy over the NSA’s surveillance operations, collects information from about 20% or less of all U.S. calls—much less than previously described by lawmakers.

The program had been described as collecting records on virtually every phone call placed in the U.S., but in fact, it doesn’t cover records for most cellphones, the fastest-growing sector in telephony and an area where the agency has struggled to keep pace, according to several people familiar with the program.

Ellen Nakashima’s report places the percentage between 20 and 30%, echoing Gorman’s claim about limits on cell data.

The actual percentage of records gathered is somewhere between 20 and 30 percent and reflects Americans’ increasing turn away from the use of land lines to cellphones. Officials also have faced technical challenges in preparing the NSA database to handle large amounts of new records without taking in data such as cell tower locations that are not authorized for collection.

[snip]

The bulk collection began largely as a land-line program, focusing on carriers such as AT&T and Verizon Business Network Services. At least two large wireless companies are not covered — Verizon Wireless and T-Mobile U.S., which was first reported by the Wall Street Journal.

Industry officials have speculated that partial foreign ownership has made the NSA reluctant to issue orders to those carriers. But U.S. officials said that was not a reason.

“They’re doing business in the United States; they’re required to comply with U.S. law,” said one senior U.S. official. “A court order is a court order.”

Rather, the official said, the drop in collection stems from several factors.

Apart from the decline in land-line use, the agency has struggled to prepare its database to handle vast amounts of cellphone data, current and former officials say. For instance, cellphone records may contain geolocation data, which the NSA is not permitted to receive.

These reports offer a more credible explanation than Geoffrey Stone’s multiple claims to this effect about why the program misses data. So they may be true.

But I think they instead point to the legal range of authorities NSA uses to collect phone records, not to what records they actually have in their possession.

These reports are commenting (though without specifying, or even seeming to be aware they need to specify) on what the government claims it collects under Section 215. These reports are not commenting on what NSA collects under all authorities.

In this post I will show why I believe these reports to be credible only in a very narrow sense. In a follow-up post I will point to the legal issues that underlie the Administration’s conflicting claims about what it collects.


When Judge Reggie Walton Disappeared the FBI Director: The Tell that FISC Wasn’t Following the Law

SEN. MIKULSKI: General Clapper, there are 36 different legal opinions.

DIR. CLAPPER: I realize that.

SEN. MIKULSKI: Thirty-six say the program’s constitutional. Judge Leon said it’s not.

Thirty-six “legal opinions” have deemed the dragnet legal and constitutional, its defenders say defensively, over and over again.

But that’s not right — not by a long shot, as ACLU’s Brett Max Kaufman pointed out in a post yesterday. In its report, PCLOB confirmed what I first guessed 4 months ago: the FISA Court never got around to writing an opinion considering the legality or constitutionality of the dragnet until August 29, 2013.

FISC judges, on 33 occasions before then, signed off on the dragnet without bothering to give it comprehensive legal review.

Sure, after the program had been reauthorized 11 times, Reggie Walton considered the more narrow question of whether the program violates the Stored Communications Act (I suspect, but cannot yet prove, that the government presented that question because of concerns raised by DOJ IG Glenn Fine). But until Claire Eagan’s “strange” opinion in August, no judge considered in systematic fashion whether the dragnet was legal or constitutional.

And the thing is, I think FISC judge — now Presiding Judge — Reggie Walton realized around about 2009 what they had done. I think he realized the program didn’t fit the statute.

Consider a key problem with the dragnet — another one I discussed before PCLOB (though I was not the first or only one to do so). The wrong agency is using it.

Section 215 does not authorize the NSA to acquire anything at all. Instead, it permits the FBI to obtain records for use in its own investigations. If our surveillance programs are to be governed by law, this clear congressional determination about which federal agency should obtain these records must be followed.

Section 215 expressly allows only the FBI to acquire records and other tangible things that are relevant to its foreign intelligence and counterterrorism investigations. Its text makes unmistakably clear the connection between this limitation and the overall design of the statute. Applications to the FISA court must be made by the director of the FBI or a subordinate. The records sought must be relevant to an authorized FBI investigation. Records produced in response to an order are to be “made available to,” “obtained” by, and “received by” the FBI. The Attorney General is directed to adopt minimization procedures governing the FBI’s retention and dissemination of the records it obtains pursuant to an order. Before granting a Section 215 application, the FISA court must find that the application enumerates the minimization procedures that the FBI will follow in handling the records it obtains. [my emphasis, footnotes removed]

The Executive convinced the FISA Court, over and over and over, to approve collection for NSA’s use using a law authorizing collection only by FBI.

Which is why I wanted to point out something else Walton cleaned up in 2009, along with watchlists of 3,000 Americans who had not received First Amendment Review. Judge Reggie Walton disappeared the FBI Director.

>>>Poof!<<<

Gone.

The dragnet orders released so far (save Eagan’s opinion) all follow a similar general structure:

  • An (unnumbered, unlettered) preamble paragraph describing that the FBI Director made a request
  • 3-4 paragraphs measuring the request against the statute, followed by some “wherefore” language
  • A number of paragraphs describing the order, consisting of the description of the phone records required, followed by 2 minimization paragraphs, the first pertaining to FBI and,
  • The second paragraph introducing minimization procedures for NSA, followed by a larger number of lettered paragraphs describing the treatment of the records and queries (this section got quite long during the 2009 period when Walton was trying to clean up the dragnet and remains longer to this day because of the DOJ oversight Walton required)

Here’s how the first three paragraphs looked in the first order and (best as I can tell) the next 11 orders, including Walton’s first order in December 2008:

An application having been made by the Director of the Federal Bureau of Investigation (FBI) for an order pursuant to the Foreign Intelligence Surveillance Act of 1978 (the Act), Title 50, United States Code (U.S.C.), § 1861, as amended, requiring the production to the National Security Agency (NSA) of the tangible things described below, and full consideration having been given to the matters set forth therein, the Court finds that:

1. The Director of the FBI is authorized to make an application for an order requiring the production of any tangible thing for an investigation to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism, provided that such an investigation of a United States person is not conducted solely on the basis of activities protected by the First Amendment to the Constitution of the United States. [50 U.S.C. § 1861 (c)(1)]

2. The tangible things to be produced are all call-detail records or “telephone metadata” created by [the telecoms]. Telephone metadata includes …

[snip]

3. There are reasonable grounds to believe that the tangible things sought are relevant to authorized investigations (other than threat assessments) being conducted by the FBI under guidelines approved by the Attorney General under Executive Order 12,333 to protect against international terrorism, … [my emphasis]

Here’s how the next order and all (released) following orders start [save the bracketed language, which is unique to this order]:

A verified application having been made by the Director of the Federal Bureau of Investigation (FBI) for an order pursuant to the Foreign Intelligence Surveillance Act of 1978 (FISA), as amended, 50 U.S.C. § 1861, requiring the production to the National Security Agency (NSA) of the tangible things described below, and full consideration having been given to the matters set forth therein, [as well as the government’s filings in Docket Number BR 08-13 (the prior renewal of the above-captioned matter),] the Court finds that:

1. There are reasonable grounds to believe that the tangible things sought are relevant to authorized investigations (other than threat assessments) being conducted by the FBI under guidelines approved by the Attorney General under Executive Order 12333 to protect against international terrorism, …

That is, Walton took out the paragraph — which he indicated in his opinion 3 months earlier derived from the statutory language at 50 U.S.C. § 1861 (c)(1) — pertaining to the FBI Director. The paragraph always fudged the issue anyway, as it doesn’t discuss the FBI Director’s authority to obtain this for the NSA. Nevertheless, Walton seems to have found that discussion unnecessary or unhelpful.

Walton’s March 5, 2009 order and all others since have just 3 statutory paragraphs, which basically say:

  1. The tangible things are relevant to authorized FBI investigations conducted under EO 12333 — Walton cites 50 USC 1861 (c)(1) here
  2. The tangible things could be obtained by a subpoena duces tecum (50 USC 1861 (c)(2)(D))
  3. The application includes an enumeration of minimization procedures — Walton doesn’t cite statute in this May 5, 2009 order, but later orders would cite 50 USC 1861 (c)(1) again

Here’s what 50 USC 1861 (c)(1), in its entirety, says:

(1) Upon an application made pursuant to this section, if the judge finds that the application meets the requirements of subsections (a) and (b), the judge shall enter an ex parte order as requested, or as modified, approving the release of tangible things. Such order shall direct that minimization procedures adopted pursuant to subsection (g) be followed.

And here are two key parts of subsections (a) and (b) — in addition to “relevant” language that has always been included in the dragnet orders.

(a) Application for order; conduct of investigation generally

(1) Subject to paragraph (3), the Director of the Federal Bureau of Investigation or a designee of the Director (whose rank shall be no lower than Assistant Special Agent in Charge) may make an application for an order requiring the production of any tangible things

[snip]

(2) shall include—

[snip]

(B) an enumeration of the minimization procedures adopted by the Attorney General under subsection (g) that are applicable to the retention and dissemination by the Federal Bureau of Investigation of any tangible things to be made available to the Federal Bureau of Investigation based on the order requested in such application.

FBI … FBI … FBI.

The language incorporated in 50 USC 1861 (c)(1) that has always been cited as the standard judges must follow emphasizes the FBI repeatedly (PCLOB laid out that fact at length in their analysis of the program). And even Reggie Walton once admitted that fact.

And then, following his lead, FISC stopped mentioning that in its statutory analysis altogether.

Eagan didn’t even consider that language in her “strange” opinion, not even when citing the passages (here, pertaining to minimization) of Section 215 that directly mention the FBI.

Section 215 of the USA PATRIOT Act created a statutory framework, the various parts of which are designed to ensure not only that the government has access to the information it needs for authorized investigations, but also that there are protections and prohibitions in place to safeguard U.S. person information. It requires the government to demonstrate, among other things, that there is “an investigation to obtain foreign intelligence information … to [in this case] protect against international terrorism,” 50 U.S.C. § 1861(a)(1); that investigations of U.S. persons are “not conducted solely upon the basis of activities protected by the first amendment to the Constitution,” id.; that the investigation is “conducted under guidelines approved by the Attorney General under Executive Order 12333,” id. § 1861(a)(2); that there is “a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant” to the investigation, id. § 1861(b)(2)(A); that there are adequate minimization procedures “applicable to the retention and dissemination” of the information requested, id. § 1861(b)(2)(B); and, that only the production of such things that could be “obtained with a subpoena duces tecum” or “any other order issued by a court of the United States directing the production of records” may be ordered, id. § 1861(c)(2)(D), see infra Part III.a. (discussing Section 2703(d) of the Stored Communications Act). If the Court determines that the government has met the requirements of Section 215, it shall enter an ex parte order compelling production.

This Court must verify that each statutory provision is satisfied before issuing the requested Orders. For example, even if the Court finds that the records requested are relevant to an investigation, it may not authorize the production if the minimization procedures are insufficient. Under Section 215, minimization procedures are “specific procedures that are reasonably designed in light of the purpose and technique of an order for the production of tangible things, to minimize the retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information.” Id. § 1861(g)(2)(A)

Reggie Walton disappeared the FBI Director as a statutory requirement (he retained that preamble paragraph, the nod to authorized FBI investigations, and the perfunctory paragraph on minimization of data provided from NSA to FBI) on March 5, 2009, and he has never been heard from in discussions of the FISC again.

Now I can imagine someone like Steven Bradbury making an argument that so long as the FBI Director actually signed the application, and so long as the FBI had minimization procedures for the as few as 16 tips they receive from the program in a given year, it was all good to use an FBI statute to let the NSA collect a dragnet potentially incorporating all the phone records of all Americans. I can imagine Bradbury pointing to the passive construction of that “things to be made available” language and suggesting that so long as there were minimization procedures about FBI receipt somewhere, the fact that the order underlying that passive voice was directed at the telecoms didn’t matter. That would be a patently dishonest argument, but not one I’d put beyond a hack like Bradbury.

The thing is, no one has made it. Not Malcolm Howard in the first order authorizing the dragnet, not DOJ in its request for that order (indeed, as PCLOB pointed out, the application relied heavily on Keith Alexander’s declaration about how the data would be used). The closest anyone has come is the white paper written last year that emphasizes the relevance to FBI investigations.

But no one I know of has affirmatively argued that it’s cool to use an FBI statute for the NSA. In the face of all the evidence that the dragnet has not helped the FBI thwart a single plot — maybe hasn’t even helped the FBI catch one Somali-American donating less than $10,000 to al-Shabaab, as they’ve been crowing for months — FBI Director Jim Comey has stated to Congress that the dragnet is useful to the FBI primarily for agility (though the record doesn’t back Comey’s claim).

Which leaves us with the only conclusion that makes sense given the Executive’s failure to prove it is useful at all: it’s not the FBI that uses it, it’s NSA. They don’t want to tell us how the NSA uses it, in part, because we’ll realize all their reassurances about protections for Americans fall flat for the millions of Americans who are 3 degrees away from a potential suspect.

But they also don’t want to admit that it’s the NSA that uses it, because then it’ll become far more clear how patently illegal this program has been from the start.

Better to just disappear the FBI Director and hope no one starts investigating the disappearance.

Jim Comey: For FBI, Section 215 Only Provides Agility

In yesterday’s Threat Hearing, James Clapper and John Brennan provided so much news early, I suspect many didn’t stick around to hear the question Angus King posed to Jim Comey. He asked about the significance of the phone dragnet.

SEN. KING: Director Comey, do you have views on the significance of 215? You understand this is not easy for this committee. The public is very skeptical and in order for us to continue to maintain it, we have to be convinced that it is in fact effective and not just something that the intelligence community thinks is something nice to have in their toolkit.

DIR. COMEY: Yeah, I totally understand people’s concerns and questions about them. They’re reasonable questions. I believe it’s a useful tool. For the FBI, its primary value is agility. That is, it allows us to do in minutes what would otherwise take us in hours. And I’ll explain what I mean by that. If a terrorist is identified in the United States or something blows up in the United States, we want to understand, OK, is there a network that we’re facing here?

And we take any telephone numbers connected to that terrorist, to that attack. And what I would do in the absence of 215 is use the legal process that we use every day, either grand jury subpoenas or national security letters, and by subpoenaing each of the telephone companies I would assemble a picture of whether there’s a network connected to that terrorist. That would take hours.

What this tool allows us to do is do that in minutes. Now, in most circumstances, the difference between hours and minutes isn’t going to be material except when it matters most. And so it’s a useful tool to me because of the agility it offers. [my emphasis]

Comey prefaced his entire answer by making it clear he was only addressing the way the FBI uses the dragnet. That suggests he was bracketing off his answer from possible other uses, notably by NSA.

If the FBI Director brackets off such an answer after 7 months of NSA pointing to FBI’s efforts to thwart plots, to suggest his Agency’s use may not be the most important use of the dragnet, can we stop talking about plots thwarted and get an explanation of what role the dragnet really plays?

That said, it’s worth comparing Comey’s answer to what the PCLOB said about FBI’s use of the dragnet. Because in the 5 cases the government cited claiming the dragnet found particular leads (the exception is Basaaly Moalin, which PCLOB said might have been found via active investigations FBI already had going), FBI found the same leads via other means (and the implication for some of these is that FBI found those other leads first).

Operation WiFi: Those numbers simply mirrored information about telephone connections that the FBI developed independently using other authorities.

[snip]

David Headley: Those numbers, however, only corroborated data about telephone calls that the FBI obtained independently through other authorities.

[snip]

3 other cases: But in all three cases, that information simply mirrored or corroborated intelligence that the FBI obtained independently through other means.

That is, usually the dragnet isn’t even a matter of agility. It’s a matter of redundancy.

It seems Jim Comey, sharing the dais with several colleagues who’ve already torched their credibility, had no interest in pretending the dragnet is primarily about the investigations of his Agency.

Perhaps the rest of us can dispense with that myth too now?

Are Even the Basaaly Moalin Claims Falling Apart Now?

I’ll have a much longer post later on what PCLOB has to say about the efficacy of the dragnet, which is actually far more interesting than I’ve seen reported thus far. But I want to look in detail at the passage in which they treat Basaaly Moalin.

And we believe that in only one instance over the past seven years has the program arguably contributed to the identification of an unknown terrorism suspect. In that case, moreover, the suspect was not involved in planning a terrorist attack and there is reason to believe that the FBI may have discovered him without the contribution of the NSA’s program.

Note the verb: “may have,” not “might have” or “could have.” Thus, the passage has a (presumably intentionally) ambiguous meaning which could suggest either that the FBI did find Moalin on their own or they had the ability to.

But in conjunction with the adverb “arguably,” the use of “may” here sure seems to suggest PCLOB thinks a case could be made that FBI did, in fact, find Moalin on their own. Without the dragnet.

That is, PCLOB seems to suggest that even the claim that the dragnet helped find a cab driver giving $8,500 to al-Shabaab in hopes of protecting his tribal lands against US-backed invaders may be false.

Does the fact that DOJ didn’t include Moalin in its claims of success to the 3 lawsuits against the dragnet reflect growing questions within DOJ about how they really rediscovered Moalin?

As I see it, there are two obvious ways that FBI might have discovered Moalin on their own, and a third that would be even more interesting.

Recall that Moalin was actually prosecuted with the help of his hawala, who also happened to be in contact with people close to Aden Ayro, the warlord Moalin is presumed to be a second hop from (the case against the hawala is largely sealed). It’s possible the FBI found Moalin through the investigation of the hawala. That’s particularly likely given PCLOB’s later comment that Moalin “was the user of a telephone number already linked to pending FBI investigations.”

Alternately, it’s possible the FBI got a tip off content related to Ayro and investigated using NSLs and found Moalin (though I think this is less likely because NSA has so few Somali translators). It’s also worth considering that at one point NSA contacted FBI because they had lost Ayro, asking if FBI had seen a new number for Ayro in Moalin’s calls. Which suggests, at least after they got a tap on Moalin, FBI may have had an easier time of tracking Ayro than NSA did.

More interesting still, it’s possible FBI found Moalin in October 2007 by accessing dragnet results directly (as was possible for FBI to do until NSA shut this access down in June 2009), without having received a formal report from NSA reporting the link. If that’s the case, it’d be interesting for a slew of reasons, because it’d be a patently illegal lead, but it would technically come from the dragnet. If that were the case, I can see everyone wanting to lie about it, which might lead to … the kind of seemingly conflicting and increasingly cautious statements we’re seeing now (as well as DOJ’s silence on this “success” in recent court filings).

I have suggested that the timing of Moalin’s prosecution at least hints that they pursued it to have a first Section 215 success in time for PATRIOT reauthorization in 2011. Certainly, they were quick to roll out his case as a “dragnet success” last June. But if he wasn’t found via the dragnet, or if DOJ misrepresented precisely how he was found back in court filings in 2012 to hide that FBI had direct access to databases at NSA they weren’t legally entitled to have, then it’d put DOJ in a tight spot now, as Moalin appeals to the 9th Circuit. At least in September, they claimed to Judge Jeffrey Miller Moalin had been caught by the dragnet, and Miller didn’t think it harmed their case (though even there, Miller’s language made it clear he learned new information in those filings he hadn’t been told on the first FISA review). But if he wasn’t — or if FBI had legally impermissible access to the dragnet results — then Moalin’s appeal might get more interesting, either because DOJ misrepresented to the District what happened and/or because there’s something funky about the use of the dragnet with Moalin.

Of course, all that assumes Moalin would ever get to see the FISA related evidence against him, which PCLOB may have but which no FISA-related defendants ever have been able to do. Which is unlikely to happen.

FISA Warranted Targets and the Phone Dragnet

The identifiers (such as phone numbers) of people or facilities for which a FISA judge has approved a warrant can be used as identifiers in the phone dragnet without further review by NSA.

From a legal standpoint, this makes a lot of sense. The standard to be a phone dragnet identifier is just Reasonable Articulable Suspicion of some tie to terrorism — basically a digital stop-and-frisk. The standard for a warrant is probable cause that the target is an agent of a foreign government — and in the terrorism context, that US persons are preparing for terrorism. So of course RAS already exists for FISC targets.

So starting with the second order and continuing since, FISC’s primary orders include language approving the use of such targets as identifiers (see ¶E starting on page 8-9).

But there are several interesting details that come out of that.

Finding the Americans talking with people tapped under traditional FISA

First, consider what it says about FISC taps. The NSA is already getting all the content from that targeted phone number (along with any metadata that comes with that collection). But NSA may, in addition, find cause to run dragnet queries on the same number.

In its End-to-End report submission to Reggie Walton to justify the phone dragnet, NSA claimed it needed to do so to identify all parties in a conversation.

Collections pursuant to Title I of FISA, for example, do not provide NSA with information sufficient to perform multi-tiered contact chaining [redacted] Id. at 8. NSA’s signals intelligence (SIGINT) collection, because it focuses strictly on the foreign end of communications, provides only limited information to identify possible terrorist connections emanating from within the United States. Id. For telephone calls, signaling information includes the number being called (which is necessary to complete the call) and often does not include the number from which the call is made. Id. at 8-9. Calls originating inside the United States and collected overseas, therefore, often do not identify the caller’s telephone number. Id. Without this information, NSA analysts cannot identify U.S. telephone numbers or, more generally, even determine that calls originated inside the United States.

This is the same historically suspect Khalid al-Midhar claim, one they repeat later in the passage.

The language at the end of that passage emphasizing the importance of determining which calls come from the US alludes to the indexing function NSA Signals Intelligence Division Director Theresa Shea discussed before — a quick way for the NSA to decide which conversations to read (and especially, if the conversations are not in English, translate).

Section 215 bulk telephony metadata complements other counterterrorist-related collection sources by serving as a significant enabler for NSA intelligence analysis. It assists the NSA in applying limited linguistic resources available to the counterterrorism mission against links that have the highest probability of connection to terrorist targets. Put another way, while Section 215 does not contain content, analysis of the Section 215 metadata can help the NSA prioritize for content analysis communications of non-U.S. persons which it acquires under other authorities. Such persons are of heightened interest if they are in a communication network with persons located in the U.S. Thus, Section 215 metadata can provide the means for steering and applying content analysis so that the U.S. Government gains the best possible understanding of terrorist target actions and intentions. [my emphasis]

Though, as I have noted before, contrary to what Shea says, this by definition serves to access content of both non-US and US persons: NSA is admitting that the selection criteria prioritize calls from the US. And in the case of a FISC warrant it could easily be entirely US person content.

In other words, the use of the dragnet in conjunction with content warrants makes it more likely that US person content will be read.

Excluding bulk targets

Now, my analysis about the legal logic of all this starts to break down once the FISC approves bulk orders. In those programs — Protect America Act and FISA Amendments Act — analysts choose targets with no judicial oversight and the standard (because targets are assumed to be foreign) doesn’t require probable cause. But the FISC recognized this. Starting with BR 07-16, the first order approved (on October 18, 2007) after the PAA until the extant PAA orders expired, the primary orders included language excluding PAA targets. Starting with 08-08, the first order approved (on October 18, 2007) after FAA until the present, the primary orders included language excluding FAA targets.

Of course, this raises a rather important question about what happened between the enactment of PAA on August 5, 2007 and the new order on October 18, 2007, or what happened between enactment of FAA on July 10, 2008 and the new order on August 19, 2008.

The Government Plays Connect-the-Dots Differently than They Say

In my continuing obsession to understand precisely how the government really uses the dragnet, consider this post, in which NSA Review Group member Geoffrey Stone conducts (IMO) inadequate analysis to conclude the phone dragnet is probably unconstitutional.

In it, he provides this description of how the government uses the phone dragnet:

In 2012, the NSA queried a total of 288 phone numbers. Based on these queries, the NSA found 16 instances in which a suspect phone number was directly or indirectly in touch with another phone number that the NSA independently suspected of being associated with terrorist activity. In such cases, the NSA turns the information over to the FBI for further investigation.

In terms of the “connect the dots” metaphor, the purpose of the program is not so much to discover new “dots” but to determine if there are connections between two or more already suspect “dots.” For example, if a phone number belonging to a terrorist suspect in Pakistan is found to have called a phone number in the United States that the government independently suspects belongs to a person involved in possible terrorist activity, alarm bells (figuratively) go off very loudly, alerting the government to the need for immediate attention. [my emphasis]

I don’t think this can be an accurate description of how the dragnet works.

It is close to what happened with Adis Medunjanin. As the FBI was homing in on Najibullah Zazi, the NSA did a query and found a new cell phone for Medunjanin, though they already knew Medunjanin was a likely accomplice of Zazi’s via travel records. The government says they were particularly interested in this phone because it was in contact with other extremists. Thus, they found a brand new phone number, but one that ended up being associated with both a suspect (Medunjanin) and other suspects (the other people that phone was in contact with).

But that cell phone for Medunjanin was a brand new number to the NSA, at least according to their reports.

The claim may still be true if they used burner matching to identify Medunjanin as a match to the other phone record they had on him. But it seems this process would have to involve additional information about Medunjanin at some point — at the very least, the match of those travel documents to that phone number, if not his identity.

In other words, this only seems to make sense if they had Medunjanin’s “identity” in some form or another, belying their claims not to have identities while they’re contact chaining.

The description is potentially more problematic with Basaaly Moalin. In his case, the stated explanation for what happened is they found his number on a second-degree search, sent it to the FBI, and the FBI learned he was the guy who had previously been investigated in 2003.

The problem might be alleviated in two ways. The first is if the hawala through which Moalin was sending money to Ayro was also tied to a suspect number. That’s a distinct possibility, but the question is, how does that identity as a suspect number get communicated to NSA? If NSA already had it, doesn’t it mean they’ve got more suspect numbers sitting somewhere than have been RAS approved?

The other possibility is that Moalin himself was still identified as a suspect number from the investigation back in 2003 — that an investigation that turned up no evidence might still, during the era of the illegal program, have gotten someone nominated as a suspect number under Cheney’s program, and they never purged the system entirely (which would seem to be supported by the 2009 problems, which showed they hadn’t turned off the illegal program features).

Either of these possibilities, of course, would raise new concerns about the NSA program.

But the description would also raise real issues, both about the honesty of witnesses and the potential efficacy of the system. If the NSA only triggers on people who’ve got ties to a second suspect number (which is entirely different than what they’ve been saying) then it could not possibly alert the government to a fully compartmented lone actor (someone like, say, Faisal Shahzad). That is, it would only find people who were engaged in the kind of elaborate planning seen before the government dismantled al Qaeda, but would not find the kind of individual extremists we’ve seen almost exclusively (with the exception of Zazi) for years.

This would answer the question of whether the NSA is finding the right numbers, in that it would be less likely to find someone innocent. It also might explain why the program didn’t find Shahzad. But it would also mean it does (as presented) far less than the NSA has been saying it does.

I don’t actually believe that, but that is what it would suggest.

Richard Clarke Alludes to the Real Costs of the Dragnet

New America Foundation did a study of 225 terrorist plots to try to discern the source of the investigation. There are numerous obvious flaws to the study — many of which stem from the government’s own efforts to obscure the sources of what they do, some of which stem from a lack of awareness about how the government responded to other tips by collecting more NSA intelligence, some of which stem from ignoring the dragnet that existed in illegal form before the FISC-approved one.

With those caveats, NAF finds what has been reported for months: only Basaaly Moalin’s provision of less than $10,000 to al-Shabaab stemmed from the phone dragnet.

Which provides the WaPo with another opportunity to report this as news. I’ll take it: any little bit helps!

WaPo and NAF also report what I reported 5 months ago: that the government delayed 2 months after identifying Moalin’s ties indirectly to Aden Ayro before wiretapping him. Remember, they say they need the dragnet to avoid delays in investigation.

Perhaps the most interesting part of WaPo’s report on this, though, is Richard Clarke’s comments. As a follow-up on the NSA Review Group’s comment on the risk to quality of life posed by the dragnet, Clarke claims the dragnet would still be too intrusive if it had contributed to every plot.

“Although we might be safer if the government had ready access to a massive storehouse of information about every detail of our lives, the impact of such a program on the quality of life and on individual freedom would simply be too great,” the group’s report said.

Said Clarke: “Even if NSA had solved every one of the [terrorist] cases based on” the phone collection, “we would still have proposed the changes.”

This is actually a fairly stunning comment (and not one, I suspect, Mike Morell, who is also quoted, would support). Even if the dragnet had identified every potential terrorist plot, Clarke says, it would still be too intrusive.

I think the dragnet is plenty intrusive — and I think plenty of the ways it infringes on privacy are those not accounted for in NAF’s analysis (such as the use of the dragnet to pick targets for informants or conduct back door searches). Still: to suggest the dragnet would not be worth every single one of these leads?

Dianne Feinstein Glosses Jeffrey Miller Phone Dragnet Decision

Dianne Feinstein just released a statement effectively saying she likes the FISA Court phone dragnet decisions and the one Judge Jeffrey Miller made in the Moalin case better than the one Richard Leon issued yesterday.

Clearly we have competing decisions from those of at least three different courts (the FISA Court, the D.C. District Court and the Southern District of California). I have found the analysis by the FISA Court, the Southern District of California and the position of the Department of Justice, based on the Supreme Court decision in Smith, to be compelling.

But I’m particularly interested in the way she describes the Miller decision.

It should be noted that last month Judge Jeffrey Miller of the Southern District of California found the NSA business records program to be constitutional.

Judge Miller was ruling on a real world terrorist case involving the February 2013 conviction of Basaaly Moalin and three others for conspiracy and providing material support to the Somali terrorist organization Al-Shabaab. In that case, the NSA provided the FBI with information gleaned from an NSA query (under Section 215) of the call records database that established a connection between a San Diego-based number and a number known to be used by a terrorist with ties to al Qaeda.

In upholding these convictions, Judge Miller cited Smith v. Maryland (1979) the controlling legal precedent and held the defendants had ‘no legitimate expectation of privacy’ over the type of telephone metadata acquired by the government—which is the ‘to’ and ‘from’ phone numbers of a call, its time, its date and its duration. There is no content, no names and no locational information acquired.

As a threshold matter, Judge Miller did not decide last month that the phone dragnet was constitutional. He decided sometime around June 5, 2012, and that decision remains sealed in its entirety. He treated Moalin’s bid for a new trial as a reconsideration of his earlier decision, stating he had “already considered and addressed many of the FISA and CIPA arguments from a federal and constitutional law perspective.” He deliberated just one day after the hearing on a new trial before rejecting the motion. Which means that his decision rests primarily on whatever representations the government made in secret — and none of us have gotten to see that decision.

If Senator Feinstein would like to use her position on the Senate Intelligence and Judiciary Committees to liberate that decision given that she’s relying on it, by all means let’s have some transparency!

Now look at how Feinstein characterizes the issue before Miller:

[T]he NSA provided the FBI with information gleaned from an NSA query (under Section 215) of the call records database that established a connection between a San Diego-based number and a number known to be used by a terrorist with ties to al Qaeda.

That is, she characterizes Miller’s review as weighing whether using an (at least) second-degree hop in a database to establish probable cause is Constitutional.

But that’s most definitely not what Miller did. Instead, he ignored the database entirely (the word “database” doesn’t appear in his ruling), and assessed the use of what Feinstein describes as a database query as two separate pen registers.

Defendants argue that the collection of telephony metadata violated Defendant Moalin’s First and Fourth Amendment rights. At issue are two distinct uses of telephone metadata obtained from Section 215. The first use involves telephony metadata retrieved from communications between third parties, that is, telephone calls not involving Defendants. Clearly, Defendants have no reasonable expectation of privacy to challenge any use of telephony metadata for calls between third parties. See Steagald v. United States, 451 U.S. 204, 219 (1981) (Fourth Amendment rights are personal in nature); Rakas v. Illinois, 439 U.S. 128, 133-34 (1978) (“Fourth Amendment rights are personal rights which, like some other constitutional rights, may not be vicariously asserted.”); United States v. Verdugo-Uriquidez, 494 U.S. 259, 265 (1990) (the term “people” described in the Fourth Amendment are persons who are part of the national community or may be considered as such). As noted in Steagald, “the rights [] conferred by the Fourth Amendment are personal in nature, and cannot bestow vicarious protection on those who do not have a reasonable expectation of privacy in the place to be searched.” 451 U.S. at 219. As individuals other than Defendants were parties to the telephony metadata, Defendants cannot vicariously assert Fourth Amendment rights on behalf of these individuals. To this extent, the court denies the motion for new trial.

The second use of telephony metadata involves communications between individuals in Somalia (or other countries) and Defendant Moalin. The following discusses whether Defendant Moalin, and other Defendants through him, have any reasonable expectation of privacy in telephony metadata between Moalin and third parties, including co-defendants. [my emphasis]

I believe that in documents that have been released since Miller’s ruling, the government distinguished this from pen registers (digging up those references now). But one thing’s clear: Miller didn’t approve the use of a database to show that his two-degree link between Moalin and Aden Ayro amounted to probable cause that he was an agent of a foreign power. He approved of two or more discrete pen registers.

That may or may not amount to a legal difference (Leon didn’t consider the database as such either). But I find it mighty telling that Feinstein describes the dragnet in terms her favored criminal ruling does not.

Did DOJ Prosecute Basaaly Moalin Just to Have a Section 215 “Success”?

At yesterday’s Senate Judiciary Committee hearing on the dragnet, the government’s numbers supporting the value of the dragnet got even worse. At one point, Pat Leahy asserted that the phone dragnet had only been useful in one case (in the last hearing, there had been a debate over whether it had been critical in one or two cases).

Leahy (after 1:09:40): We’ve already established that Section 215 was uniquely valuable in just one terrorism case, not the 54 that have been talked about before.

In a follow up some minutes later, Keith Alexander laid out numbers that explain how the Administration had presented that 1 case as 12 in previous claims.

Alexander (at 1:21:30): As you correctly stated, there was one unique case under 215 where the metadata helped. There were 7 others where it contributed. And 4 where it didn’t find anything of value, and we were able to tell the FBI that.

That is, to publicly claim that the phone dragnet has been useful in 12 cases, the Administration included 7 cases where — as with the Najibullah Zazi case — it proved to be a tool that provided non-critical information available by other means, and 4 cases where it was useful only because it didn’t show any results.

To fluff their numbers, the Administration has been counting cases where the phone dragnet didn’t show results as showing results of no results.

With sketchy numbers like that, it’s high time for a closer examination of the details — and the timing — of the Basaaly Moalin prosecution, the only case (Alexander now agrees) where the phone dragnet has been critical.

As a reminder, Moalin was first identified via the dragnet — probably on a second hop away from Somali warlord Aden Ayro — in October 2007. They used that and probably whatever tip they used to investigate him in 2003 to get a FISA warrant by December 20, 2007. Only 2 months later, February 26, 2008, was al-Shabaab listed as a foreign terrorist organization. Ayro was killed on May 1, 2008, though the government kept the tap on Moalin through December 2008, during which period they collected evidence of Moalin donating money (maybe 3 times as much as he gave to al-Shabaab-related people) to a range of people who had nothing to do with al-Shabaab. A CIPA stipulation presented at the trial revealed that during this period after the inculpatory conversations, Moalin’s tribe and Shabaab split and Moalin’s collections supported other entities in Somalia.

1. Money collected for the Ayr sub-clan was given to individuals including Abukar Suyare (Abukar Mohamed) and Fare Yare, who were associated with the Ilays charity.

2. Money collected by the men in Guracewl on behalf of the Ayr sub-clan was given to a group that was not as-Shabaab. [sic]

3. There was a dispute between al-Shabaab, the Ayr clan and Ilays over the administration pf [sic] of Galgaduud regions.

4. Members of the Ilays charity and the Ayr sub-clan, including Abukar Suryare, were opposed to the al-Shabaab and were Ayrow’s enemies.

On April 8, 2009, FBI would search the hawala used to send money based entirely on Moalin’s case. Yet on April 23, 2009, according to a document referenced but not provided to Moalin’s defense, the FBI concluded that Moalin not only no longer expressed support for al-Shabaab, but that he had only ever supported it because of tribal loyalties, not support for terrorism.

The San Diego FIG assesses that Moalin, who belongs to the Hawiye tribe/Habr Gedir clan/Ayr subclan, is the most significant al-Shabaab fundraiser in the San Diego Area of Operations (AOR). Although Moalin has previously expressed support for al-Shabaab, he is likely more attentive to Ayr subclan issues and is not ideologically driven to support al-Shabaab. The San Diego FIG assesses that Moalin likely supported now deceased senior al-Shabaab leader Aden Hashi Ayrow due to Ayrow’s tribal affiliation with the Hawiye tribe/Habr Gedir clan/Ayr subclan rather than his position in al-Shabaab. Moalin has also worked diligently to support Ayr issues to promote his own status with Habr Gedir elders. The San Diego FIG assesses, based on reporting that Moalin has provided direction regarding financial accounts to be used when transferring funds overseas that he also serves as a controller for the US-based al-Shabaab fundraising network.

The intercepts on which the prosecution was based support this. They show that Moalin’s conversations with Ayro and others focused on fighting the (American-backed) Ethiopian invaders of his region, not anything outside of Somalia.
