Posts

The Dragnet Donald Trump Will Wield Is Not Just the Section 215 One

I’ve been eagerly anticipating the moment Rick Perlstein uses his historical work on Nixon to analyze Trump. Today, he doesn’t disappoint, calling Trump more paranoid than Nixon, warning of what Trump will do with the powerful surveillance machine laying ready for his use.

Revenge is a narcotic, and Trump of all people will be in need of a regular, ongoing fix. Ordering his people to abuse the surveillance state to harass and destroy his enemies will offer the quickest and most satisfying kick he can get. The tragedy, as James Madison could have told us, is that the good stuff is now lying around everywhere, just waiting for the next aspiring dictator to cop.

But along the way, Perlstein presents a bizarre picture of what happened to the Section 215 phone dragnet under Barack Obama.

That’s not to say that Obama hasn’t abused his powers: Just ask the journalists at the Associated Press whose phone records were subpoenaed by the Justice Department. But had he wanted to go further in spying on his enemies, there are few checks in place to stop him. In the very first ruling on the National Security Administration’s sweeping collection of “bulk metadata,” federal judge Richard Leon blasted the surveillance as downright Orwellian. “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary’ invasion than this collection and retention of personal data,” he ruled. “Surely, such a program infringes on ‘that degree of privacy’ that the founders enshrined in the Fourth Amendment.”

But the judge’s outrage did nothing to stop the surveillance: In 2015, an appeals court remanded the case back to district court, and the NSA’s massive surveillance apparatus—soon to be under the command of President Trump—remains fully operational. The potential of the system, as former NSA official William Binney has described it, is nothing short of “turnkey totalitarianism.”

There are several things wrong with this.

First, neither Richard Leon nor any other judge has reviewed the NSA’s “sweeping collection of ‘bulk metadata.'” What Leon reviewed — in Larry Klayman’s lawsuit challenging the collection of phone metadata authorized by Section 215 revealed by Edward Snowden — was just a small fraction of NSA’s dragnet. In 2013, the collection of phone metadata authorized by Section 215 collected domestic and international phone records from domestic producers, but even there, Verizon had found a way to exclude collection of its cell records.

But NSA collected phone records — indeed, many of the very same phone records, as they collected a great deal of international records — overseas as well. In addition, NSA collected a great deal of Internet metadata records, as well as financial and anything else records. Basically, anything the NSA can collect “overseas” (which is interpreted liberally) it does, and because of the way modern communications works, those records include a significant portion of the metadata of Americans’ everyday communications.

It is important for people to understand that the focus on Section 215 was an artificial creation, a limited hangout, an absolutely brilliant strategy (well done, Bob Litt, who has now moved off to retirement) to get activists to focus on one small part of the dragnet that had limitations anyway and NSA had already considered amending. It succeeded in pre-empting a discussion of just what the full dragnet entailed.

Assessments of whether Edward Snowden is a traitor or a saint always miss this, when they say they’d be happy if Snowden had just exposed the Section 215 program. Snowden didn’t want the focus to be on just that little corner of the dragnet. He wanted to expose the full dragnet, but Litt and others succeeded in pretending the Section 215 dragnet was the dragnet, and also pretending that Snowden’s other disclosures weren’t just as intrusive on Americans.

Anyway, another place where Perlstein is wrong is in suggesting there was just one Appeals Court decision. The far more important one is the authorized by Gerard Lynch in the Second Circuit, which ruled that Section 215 was not lawfully authorized. It was a far more modest decision, as it did not reach constitutional questions. But Lynch better understood that the principle involved more than phone records; what really scared him was the mixing of financial records with phone records, which is actually what the dragnet really is.

That ruling, on top of better understanding the import of dragnets, is important because it is one of the things that led to the passage of USA Freedom Act, a law that, contrary to Perlstein’s claim, did change the phone dragnet, both for good and ill.

The USA Freedom Act, by imposing limitations on how broadly dragnet orders (for communications but not for financial and other dragnets) can be targeted, adds a check at the beginning of the process. It means only people 2 degrees away from a terrorism suspect will be collected under this program (even while the NSA continues to collect in bulk under EO 12333). So the government will have in its possession far fewer phone records collected under Section 215 (but it will still suck in massive amounts of phone records via EO 12333, including massive amounts of Americans’ records).

All that said, Section 215 now draws from a larger collection of records. It now includes the Verizon cell records not included under the old Section 215 dragnet, as well as some universe of metadata records deemed to be fair game under a loose definition of “phone company.” At a minimum, it probably includes iMessage, WhatsApp, and Skype metadata, but I would bet the government is trying to get Signal and other messaging metadata (note, Signal metadata cannot be collected retroactively; it’s unclear whether it can be collected with standing daily prospective orders). This means the Section 215 collection will be more effective in finding all the people who are 2 degrees from a target (because it will include any communications that exist solely in Verizon cell or iMessage networks, as well as whatever other metadata they’re collecting). But it also means far more innocent people will be impacted.

To understand why that’s important, it’s important to understand what purpose all this metadata collection serves.

It was never the case that the collection of metadata, however intrusive, was the end goal of the process. Sure, identifying someone’s communications shows when you’ve been to an abortion clinic or when you’re conducting an affair.

But the dragnet (the one that includes limited Section 215 collection and EO 12333 collection limited only by technology, not law) actually serves two other primary purposes.

The first is to enable the creation of dossiers with the click of a few keys. Because the NSA is sitting on so much metadata — not just phone records, but Internet, financial, travel, location, and other data — it can put together a snapshot of your life as soon as they begin to correlate all the identifiers that make up your identity. One advantage of the new kind of collection under USAF, I suspect, is it will draw from the more certain correlations you give to your communications providers, rather than relying more heavily on algorithmic analysis of bulk data. Facebook knows with certainty what email address and phone number tie to your Facebook account, whereas the NSA’s algorithms only guess that with (this is an educated guess) ~95+% accuracy.

This creation of dossiers is the same kind of analysis Facebook does, but instead of selling you plane tickets the goal is government scrutiny of your life.

The Section 215 orders long included explicit permission to subject identifiers found via 2-degree collection to all the analytical tools of the NSA. That means, for any person — complicit or innocent — identified via Section 215, the NSA can start to glue together the pieces of dossier it already has in its possession. While not an exact analogue, you might think of collection under Section 215 as a nomination to be on the equivalent of J Edgar Hoover’s old subversives list. Only, poor J Edgar mostly kept his list on index cards. Now, the list of those the government wants to have a network analysis and dossier on is kept in massive server farms and compiled using supercomputers.

Note, the Section 215 collection is still limited to terrorism suspects — that was an important win in the USA Freedom fight — but the EO 12333 collection, with whatever limits on nominating US persons, is not. Plus, it will be trivial for Trump to expand the definition of terrorist; the groundwork is already being laid to do so with Black Lives Matter.

The other purpose of the dragnet is to identify which content the NSA will invest the time and energy into reading. Most content collected is not read in real time. But Americans’ communications with a terrorism suspect will probably be, because of the concern that those Americans might be plotting a domestic plot. The same is almost certainly true of, say, Chinese-Americans conversing with scientists in China, because of a concern they might be trading US secrets. Likewise it is almost certainly true of Iranian-Americans talking with government officials, because of a concern they might be dealing in nuclear dual use items. The choice to prioritize Americans makes sense from a national security perspective, but it also means certain kinds of people — Muslim immigrants, Chinese-Americans, Iranian-Americans — will be far more likely to have their communications read without a warrant than whitebread America, even if those whitebread Americans have ties to (say) NeoNazi groups.

Of course, none of this undermines Perlstein’s ultimate categorization, as voiced by Bill Binney, who created this system only to see the privacy protections he believed necessary get wiped away: the dragnet — both that authorized by USAF and that governed by EO 12333 — creates the structure for turnkey totalitarianism, especially as more and more data becomes available to NSA under EO 12333 collection rules.

But it is important to understand Obama’s history with this dragnet. Because while Obama did tweak the dragnet, two facts about it remain. First, while there are more protections built in on the domestic collection authorized by Section 215, that came with an expansion of the universe of people that will be affected by it, which must have the effect of “nominating” more people to be on this late day “Subversives” list.

Obama also, in PPD-28, “limited” bulk collection to a series of purposes. That sounds nice, but the purposes are so broad, they would permit bulk collection in any area of the world, and once you’ve collected in bulk, it is trivial to then call up that data under a more broad foreign intelligence purpose. In any case, Trump will almost certainly disavow PPD-28.

Which makes Perlstein’s larger point all the more sobering. J Edgar and Richard Nixon were out of control. But the dragnet Trump will inherit is far more powerful.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Working Thread: HPSCI’s Full Unbelievably Shitty Snowden Report

In September, I did a post asking why the House Intelligence Committee report on Edward Snowden was so unbelievably shitty. My post was just based off a summary released by the Committee. HPSCI has now released the full report.

This will be a working thread.

Summary: The summary, with all its obvious errors, remains unchanged. So see my earlier post for the problems with that.

PDF 6: The report starts with a claim that Snowden’s leaks were the “most massive and damaging in history.” But the claim was made in 2014. Since then we’ve had two more damaging leaks, the OPM leak and the Shadow Brokers leak.

PDF 6: In my earlier post, I wrote about how the deference given to the ongoing criminal investigation into Snowden seemed very similar to — but was far less defensible than — the approach Stephen Preston used when he was General Counsel at CIA. He was General Counsel at DOD when this report started, suggesting he adopted the same approach. Worse, we now know from emails released this year that the exec had actually moved on by May 2014, meaning the claim was not sustainable when made in August 2014.

PDF 7: On the education paragraph, see this post.

PDF 7: Rather than asking the military why Snowden was discharged, the committee asked NSA’s security official. As Bart Gellman notes, his official Army record backs Snowden, not the security official.  Then they say (in the footnote) that they “found node evidence that Snowden was involved in a training accident.”

PDF 9: This page cites from a CIA IG report on Snowden’s complaints about the treatment of TISOs overseas. It actually shows him trying to complain through channels.

PDF 10: Note that HPSCI claimed a paragraph based on information classified confidential was classified secret.

PDF 11: I’m curious why they redacted footnote 43.

PDF 11: Report notes a new derogatory report was submitted after Snowden left Geneva but also after his next employer hired him. It doesn’t seem too serious. Report notes that the alert function for Scattered Castles got updated after that.

PDF 12: The reports that he went to Thailand and China are second-hand, based off what an NSA lawyer said his former co-workers said. Both support an awareness that Snowden was making his privacy concerns known, including this quote (which is likely out of context and may refer to an individual program):

… Snowden expressing his view that the U.S. government had overreached on surveillance and that it was illegitimate for the government to obtain data on individuals’ personal computers.

PDF 13: Why would HPSCI (or NSA, for that matter) depend on the comments of co-workers to learn what Snowden did during a leave of absence? Also note, this is classified Secret, which means it must have some security function.

PDF 13: Note they had an interview with a lawyer and a security official on the same day.

PDF 13: His co-workers claimed Snowden frequently showed up late. That would mean he’d be home for the entirely of the East Coast day.

PDF 13: Snowden expressed concern that SOPA/PIPA would lead to online censorship, but his co-worker was dismissive bc he hadn’t read the bill.

PDF 14: The claim that Snowden went to a hackers conference in China is sourced to a co-worker who didn’t like Snowden much.

PDF 14: Note in the patch discussion, they hide the kind of person that the interviewee for this information is.

PDF 14: Snowden did something after being called out for bringing in a manager.

PDF 15: The report claims that Snowden started downloading docs in July 2012. Snowden has said that was part of transferring docs. But it also coincides with the period when he was trouble shooting a 702 template, so they may think this is how he got the FISA data.

PDF 15: Snowden had access to wget on NSA’s networks for the same reason Chelsea Manning did, IIRC: because the networks were unreliable. Snowden said he did this to move files from MD to HI. There’s a redacted paragraph that it sourced to a “HPSCI recollection summary paper,” which seems odd and unreliable.

PDF 15: The methods Snowden used paper is classified REL to USA, FVEY, presumably because Snowden was grabbing GCHQ documents.

PDF 16: Here’s the funny quote about Snowden violating privacy. Note the first redacted sentence here is not sourced to an NSA document, but instead to a NSA Legislative Affairs document.

PDF 18: The end of this betrays NSA’s efforts to make light of glaring security holes: the CD-ROM/USB port on Snowden’s computer, and the ability for him to download data w/o a buddy (they currently require a buddy).

PDF 19: THe complaints about Snowden’s “resumé inflation” are a valid point. But what does it say that no one at NSA checks these things.

PDF 20: After Snowden moved to Booz, he went back to his old computer to be able to download the files he had new access to. I had been wondering about that.

PDF 20: All the details about Snowden’s flight are taken from public reports, not FBI or CIA reports or even NSA’s timeline, which must cover it. Did NSA’s timeilne, which is dated . That is bizarre.

PDF 21: Note the classification mark for 132, which seems to conclude that Snowden’s motivation was to inform the public.

PDF 21: The report says Snowden left some encrypted hard drives behind, sourced to a 2/4/14 briefing not cited elsewhere. Working from memory I think this is the Flynn one.

PDF 21: The description of what others had said about Snowden’s interest in privacy conflicts with what NSA said internally. 

PDF 22: I will return to the description of the 702 training.

PDF 22: Note they source the training issue to someone unnamed. This appears to be the same person who described the patch issue (PDF 14), with an interview on October 28. That means it couldn’t have been the training person, and surely didn’t have first-hand knowledge.

PDF 23: The report cites the emails (without describing who they were addressed to) and the I Con the Record report on the email. Which means I’ve reviewed this issue more closely than HPSCI.

PDF 23: The section on whether Snowden was a whistleblower doesn’t cite his CIA IG contact.

PDF 25: Some of the foreign influence section obviously says there was none (see the Keith Alexander comment). Plus, this doesn’t cite other public comments saying there is no evidence of any foreign tie.

PDF 26: FN 166 is the bad briefing. Note that 1/5 of the documents Snowden took were blank.

PDF 29: This section describes the damage assessment. I find it very significant the NCSC has stopped reviewing T3 and T2 documents, which must suggest, in part, that they trust the security of the documents and/or have confirmed via some means that there aren’t more out there.

PDF 34: Yet another complaint about not fixing the removable media problem.

PDF 34: A description of the Secure the Net initiative, with four measures outstanding, and taking over a year to get to buddy system with SysAdmins.

PDF 35-36: There’s a list of things HPSCI ordered the IC to do after Snowden.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

How HPSCI’s Staffers Used Miscitations to Turn Edward Snowden into a Lying Flunkie

I want to take a close look at this paragraph (from PDF 7) of the House Intelligence report on Snowden, to show how they’re (mis)using information.

In its first claim, HPSCI says Snowden was “by his own account,” a “poor student.” It cites this Greenwald and Poitras intro to Snowden, which says something different: “By his own admission, he was not a stellar student.”

The next claim says he dropped out of high school in his sophmore year and then took community college classes, which relies on this report, which in turn cites the public schools as well as the Guardian story.

1991-1998: Snowden attends schools in the Anne Arundel County Public School System in Maryland from the elementary level to high school, where he dropped out his sophomore year. He’ll later say he earned his GED. (Source: Anne Arundel County Public Schools, The Guardian)

1999-2005: Snowden takes a variety of classes from Anne Arundel Community College in Arnold, Maryland. He does not take any cyber security or computer science classes, however, and he never earns a certificate or degree. (Source: Anne Arundel Community College)

Note, the committee has said it didn’t do an investigation because of the ongoing criminal investigation into Snowden. But there is no reason they couldn’t have called Anne Arundel County Public Schools rather than relying on an ABC piece; it wouldn’t have required a long distance call!

The third claim is that Snowden hoped the (community college) classes would permit him to earn a GED, “but nothing the Committee found indicates he did so.” That’s not sourced. Again, it doesn’t say whether or not they called Maryland.

This is what Bart Gellman said in September about Snowden’s claim to have gotten a GED.

I do not know how the committee could get this one wrong in good faith. According to the official Maryland State Department of Education test report, which I have reviewed, Snowden sat for the high school equivalency test on May 4, 2004. He needed a score of 2250 to pass. He scored 3550. His Diploma No. 269403 was dated June 2, 2004, the same month he would have graduated had he returned to Arundel High School after losing his sophomore year to mononucleosis. In the interim, he took courses at Anne Arundel Community College.

The fourth claim is that Snowden told TAO he did have a GED, claiming to have received it on 6/21/2001 from “Maryland High School.”

Finally, the report says that Snowden stated that he did not have a degree of any type, citing this NYT profile rather than citing the forum itself or even the Ars Technica article that first reported it. It is absolutely true that Snowden said he didn’t have a high school diploma, but in context, Snowden was responding to someone focused primarily on a college degree.

Visigothan: No college degree.

Over 10 years work experience in my field

No communicable or other diseases

Not a religious wackjob

I think I’m good on everything except the college degree.

TheTrueHOOHA: First off, the degree thing is crap, at least domestically. If you really have ten years of solid, provable IT experience (and given that you say you’re 25, I think it’d probably be best to underestimate), you CAN get a very well paying IT job. You just need to be either actively looking now or get the fuck out of California. I have no degree, nor even a high school diploma, but I’m making much more than what they’re paying you even though I’m only claiming six years of experience. It’s tough to “break in,” but once you land a “real” position, you’re made.

Now, unless the forum has changed over the years (in which case the date could be wrong), the NYT miscited Snowden, claiming he said “I don’t have a degree of ANY type. I don’t even have a high school diploma,” when in fact the forum itself says he said, “I have no degree, nor even a high school diploma.” Moreover, in context, Snowden is distinguishing between a “degree” and a “diploma,” which may suggest he’s thinking of the actual class work versus the (GED) degree.

That claim is modified by this footnote, citing an unnamed “associate” — is this Pulitzer Prize winning Bart Gellman they’re talking about? — describing that Snowden did get a GED in 2004. [Update: Indeed it is! HPSCI hid how credible the source for this was and what he based if off of!!]

But having acknowledged that there are official records they could consult but have not, they instead just present the admittedly conflicting claims made in secondary sources (assuming they got the dates correct, but there are dates that are absolutely incorrect elsewhere in this report). There’s no actual attempt to contact local schools to get to the bottom of it all.

And yet, they then use these conflicting claims (based on inaccurate citations) to claim, in the summary, that Snowden is a “serial exaggerator.”

To make that claim with respect to his high school education, you would actually have had to do the work to ascertain the truth. The report made no effort to do so.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

DISTANTFISH and Correlations

For some time, I’ve been trying to track how the NSA does correlations, as a 2008 FISA Court opinion that almost certainly approves correlation has been withheld from release. By “correlation,” NSA means that matching of known strong identifiers of a particular traffic. All such identifiers need to be tracked to track a target (indeed, France was not able to prevent the Bataclan attack because they had lost track of one of the key attackers).

One of the SIDToday newsletters the Intercept released today describes how a key tool to correlate identities, DISTANTFISH, works.

Here’s how it describes DISTANTFISH’s two functions:

(S//SI) PSC works by processing application layer protocols to extract certain metadata fields that work as strong selectors for the client of the current application. These selectors are usually login names, client e-mail addresses, user numbers, and other unique metadata. If a selector is found to be that of a known terrorist, that session, as well as all others generated by the terrorist, is forwarded to NSA for analysis. The DISTANTFISH association algorithms are the primary way of determining which sessions the terrorist generated when the access is traditional passive collection. The collection of all user sessions is called the Aggregate Session and can be achieved by other methods, especially active efforts.

(S//SI) However, PSC assumes that the strong selectors for a terrorist are known. The second objective for DISTANTFISH is to associate all strong selectors for SIGINT targets and store them in a database. Intelligence analysts use the database to discover new identities to add to the selectors for that terrorist. Work on this database has begun, but much work remains.

And here’s how it worked to collect all the web activity of a particular target in Iraq in 2004.

(S//SI) Project DISTANTFISH was created to target terrorist traffic on the Internet by providing two important services. First, it provides a database for discovering account identities for known terrorists to use as strong selectors (i.e. login names, e-mail addresses, or other elements that can be associated with a particular individual). Second, it provides information on which the same user generated computer sessions. Thus, if one session contains a strong selector for a terrorist, then all sessions can be collected. At the heart of this capability is an association service that can track an individual computer by the way it generates packets.

(S//SI) From this association service, the DISTANTFISH team members were able to determine that the terrorist generated 107 computer sessions over eleven minutes, thus separating this traffic from that of the other 16 people in the web café. As most of the supporting software is still under development, the data was manually examined resulting in the discovery of two additional MSN Messenger accounts and two Yahoo web mail accounts that the terrorist used, but that NSA had been unaware of. Since terrorists often abandon accounts for new ones, having a complete picture of the accounts used is critical for targeting the terrorists’ traffic.

Remember, the USA Freedom Act requires “phone” companies, broadly defined, to turn over “session identifiers” under the guise of call records. Any such session identifier can be used to correlate identities in this fashion. I have long argued that is the point of USAF: to get tech companies to do correlations with a near perfect degree of accuracy rather than (in fact, in addition to) having the NSA correlate the IDs.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

One Thing Edward Snowden Is Not a Fucking Idiot About

Gizmodo’s Matt Novak is outraged that fucking idiot Edward Snowden told a conference some stupid things. I agree that this was a pretty stupid comment.

Snowden also addressed his tweet from October 21st in which he said that, “There may never be a safer election in which to vote for a third option.” Snowden told us that he more or less stands by his tweet and that anything else “freezes us into a dynamic of ‘you must always choose between two bad options’” which is a “fundamentally un-American idea.”

The thing that really outraged Novak, however, is that Snowden said technical means are more important than policy as a way to protect liberty.

What got me so riled up about Snowden’s talk? He firmly believes that technology is more important than policy as a way to protect our liberties. Snowden contends that he held this belief when Obama was in office and he still believes this today, as Donald Trump is just two months away from entering the White House. But it doesn’t make him right, no matter who’s in office.

“If you want to build a better future, you’re going to have to do it yourself. Politics will take us only so far. And if history is any guide, they are the least effective means of seeing change we want to see,” Snowden said on stage in Oakland from Russia, completely oblivious to how history might actually be used as a guide.

Snowden spoke about how important it is for individuals to act in the name of liberty. He continually downplayed the role of policy in enacting change and trotted out some libertarian garbage about laws being far less important than the encryption of electronic devices for the protection of freedoms around the world.

“Law is simply letters on a page,” Snowden said. It’s a phrase that’s still ringing in my ears, as a shockingly obtuse rejection of civilized society and how real change happens in the world.

How do we advance the cause of liberty around the world? Encrypt your devices, according to Snowden. Okay, now what? Well, Snowden’s tapped out of ideas if you get beyond “use Signal.”

Novak went on to recite big legislation — notably, the Civil Rights and Voting Rights Acts — that has been critical to advancing the cause of liberty with the boundaries of the US. I agree that they have.

That said, I’m all but certain I spend more time working on surveillance policy than Novak. I’m no shrug in the work to improve surveillance policy.

But there are several things about surveillance that are different. First (as Snowden pointed out), “Technology knows no jurisdiction.” One aspect of the government’s dragnet is that it spies on Americans with data collected overseas under EO 12333. And Congress has been very reluctant to — and frankly pretty ineffective at — legislating surveillance that takes place outside the relatively narrow (geographic and legal) boundaries of FISA. Without at least reinterpretation of Supreme Court precedent, it’s not clear how much Congress can legislate the spying currently conducted under EO 12333.

Either we need to come up with a way to leverage other jurisdictions so as to limit surveillance overseas (which will require technology in any case, because the NSA is better at spying than any other jurisdiction out there), or we need to find some way to make it harder for the government to spy on us by doing it overseas. The latter approach involves leveraging technology.

And all that assumes the Trump Administration won’t use the very same approach the Bush Administration did: to simply blow off the clear letter of the law and conduct the spying domestically anyway. At least now, it would be somewhat harder to do because Google has adopted end-to-end encryption and Signal exists (we’re still fighting policy battles over terms under which Google can be coerced into turning over our data, but Signal has limited the amount to which it can be coerced in the same way because of its technological choices).

The other important point is, especially going forward, it will be difficult to work on policy without using those technological tools. “Use Signal” may not be sufficient to protecting liberties. But it is increasingly necessary to it.

It may be that Novak is aware of all that. Nothing in his article, however, reflects any such awareness.

Edward Snowden may be a fucking idiot about some things. But anyone who imagines we can protect liberties by focusing exclusively on policy is definitely a fucking idiot.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

NSA Conducts FISA Section 704 Collection Using Transit Collection

Please consider donating to support this work. It’s going to be a long four years. 

The Intercept has a fascinating new story confirming what many people already intuited: AT&T’s spooky building at 33 Thomas Street is a key NSA collection point, and the NSA has equipment inside the building (it’s almost certainly not just NSA; this is probably also where AT&T collects much of their Hemisphere database and it likely includes AT&T’s special service center for FBI NSLs).

The Intercept released a bunch of documents with the story, including this one on FAIRVIEW.

It shows that FISA Section 704/705a are among the authorities used with FAIRVIEW, ostensibly collected under “Transit” authority, but with the collection done at TITANPOINT (which is the code name for 33 Thomas Street).

screen-shot-2016-11-16-at-3-05-47-pm

As I explain in this post, there are three authorities in the FISA Amendments Act that are supposed to cover US persons: 703 (spying with the help of domestic partners on Americans who are overseas), 704 (spying on Americans who are overseas, using methods for which they would have an expectation of privacy), and 705, which is a hybrid.

But Snowden documents — and this IG Report — make it clear only 704 and 705b are used.

Screen Shot 2016-05-13 at 3.38.08 AM

Unsurprisingly, the disclosure standards are higher for 703 — the authority they don’t use — than they are for 704. In other words, they’re using the authority to spy on Americans overseas that is weaker. Go figure.

But here’s the other problem. 704/705b are two different authorities and — as reflected in Intelligence Oversight Board reports — they are treated as such. Which means they are using 704 to spy on targets that are overseas, not just defaulting to 705b hybrid orders (which would require the person to be in the US some of the time).

But they are doing it within the US, using the fiction that the collection is only “transiting” the US (that is, transiting from one foreign country to another). This seems to indicate the NSA is conducting electronic surveillance on US persons located overseas — which seems clearly to fall under 703 — but doing it under 704 by claiming traffic transiting the US isn’t really collection in the US. Correction: Because the person is located overseas, it doesn’t count as electronic surveillance. In any case, this seems to be effectively a way around the intent of 703.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

In Latest Russian Plot, WikiLeaks Reveals Hillary Opposes ISDS

Among the emails released as part of the Podesta leaks yesterday, WikiLeaks released this one showing that, almost a year before she was making the same argument in debates with Bernie Sanders, Hillary was opposed to Investor State Dispute Settlement that is part of the Trans Pacific Partnership. (h/t Matt Stoller) ISDS is the means by which corporations have used trade agreements to operate above the domestic laws of party countries (if you haven’t read this three part series from BuzzFeed to learn about the more exotic ways business are profiting off of ISDS).

The email also appears to echo her later public concern that she had changed her mind on TPP because of KORUS.

After our last talk with HRC, we revised our letter to oppose ISDS and include her caution about South Korea.

Sure, other Podesta emails show Hillary supporting a broad region of free trade (and labor) in the Americas. But this more recent email confirms that the views she expressed in debate were more than just an attempt to counter Bernie’s anti-trade platform.

Whether or not this is newsworthy enough to justify the WL dump, it is noteworthy in light of NYT’s rather bizarre article from some weeks back suggesting that WL always sides with Putin’s goals. As I noted, the article made a really strained effort to claim that WL exposed TPP materials because it served Putin’s interests. Now, here, WL is is releasing information that makes Hillary look better on precisely that issue.

That doesn’t advance the presumed narrative of helping Trump defeat Hillary!

Then, as I noted yesterday, in spite of all the huff and puff from Kurt Eichenwald, the release of a Sid Blumenthal email used by Trump is another case where the WL release, as released, doesn’t feed the presumed goals of Putin.

Which brings me to this Shane Harris piece, which describes four different NatSec sources revealing there’s still a good deal of debate about WL’s ties to Russia.

Military and intelligence officials are convinced that WikiLeaks is an ongoing threat to U.S. national security and privacy owing to its leaks of classified documents and emails. But its precise relationship with Russia has been a subject of internal debate. Some do see the group as being in cahoots with the Kremlin. But others find that WikiLeaks is acting mainly as the beneficiary of stolen documents, not unlike a journalistic organization.

There are some funny aspects to this story. Nothing in it considers the significant evidence that WL is (and has reason to be) affirmatively anti-Hillary, which means its interests may align with Russia, even if it doesn’t take orders from Russia.

It also suggests that if the spooks can prove some tie between WL and Russia, they can spy on it as an agent of foreign power.

But those facts don’t mean WikiLeaks isn’t acting at Russia’s behest. And that’s not a trivial matter. If the United States were to determine that WikiLeaks is an agent of a foreign power, as defined in U.S. law, it could allow intelligence and law enforcement agencies to spy on the group—as they do on the Russian government. The U.S. can also bring criminal charges against foreign agents.

WL has been intimately involved in two separate charges cases of leaking-as-espionage in the US, Chelsea Manning and Edward Snowden. The government has repeatedly told courts that it has National Security/Criminal investigations, plural, into WikiLeaks, and when pressed for details about how and whether the government is collecting on supporters and readers of WikiLeaks, the government has in part hidden those details under a b3 FOIA exemption, meaning a statute prevents disclosing it, while extraordinarily refusing to reveal what statute that is. We certainly know that FBI has used multiple informants to spy on WL and used a variety of collection methods against Jacob Appelbaum, including (according to Appelbaum) physical tails.

So there’s not only no doubt that the US government believes it can spy on WikiLeaks (which is, after all, headed by a foreigner and not a US organization), but that it already does, and has been doing for at least six years.

Perhaps Harris’ sources really mean they’ve never found a way to indict Julian Assange before, but if they can claim he’s working for Putin, then maybe they’ll overcome past problems of indicting him because it would criminalize journalism. If that’s the case, it may be shading analysis of WL, because the government would badly like a reason to shut down WL (as the comments about the direct threat to the US in the story back up).

As I’ve said before, the role of WL in this and prior leak events is a pretty complex one, one that if approached too rashly (or too sloppily) could have ramifications for other publishers. While a lot of people are rushing to collapse this (in spite of what sounds like a continuing absence of directly incriminating evidence) into a nation-state conflict, things like this TPP email suggest it’s not that simple.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The Yahoo Scan: On Facilities and FISA

There are now two competing explanations for what Yahoo was asked by the government to do last year.

Individual FISA order or 702 directive?

NYT (including Charlie Savage, who FOIAed all the FISC opinions and then wrote a book about them) explains Yahoo got an individual FISA order to search for a “signature” that the FBI had convinced the FISA Court was associated with a state-sponsored terrorist group.

A system intended to scan emails for child pornography and spam helped Yahoo satisfy a secret court order requiring it to search for messages containing a computer “signature” tied to the communications of a state-sponsored terrorist organization, several people familiar with the matter said on Wednesday.

Two government officials who spoke on the condition of anonymity said the Justice Department obtained an individualized order from a judge of the Foreign Intelligence Surveillance Court last year. Yahoo was barred from disclosing the matter.

To comply, Yahoo customized an existing scanning system for all incoming email traffic, which also looks for malware, according to one of the officials and to a third person familiar with Yahoo’s response, who also spoke on the condition of anonymity.

With some modifications, the system stored and made available to the Federal Bureau of Investigation a copy of any messages it found that contained the digital signature.

Reuters — in a story emphasizing the upcoming debate about reauthorization — says that the order was a Section 702 order.

The collection in question was specifically authorized by a warrant issued by the secret Foreign Intelligence Surveillance Court, said the two government sources, who requested anonymity to speak freely.

Yahoo’s request came under the Foreign Intelligence Surveillance Act, the sources said. The two sources said the request was issued under a provision of the law known as Section 702, which will expire on Dec. 31, 2017, unless lawmakers act to renew it.

The FISA Court warrant related specifically to Yahoo, but it is possible similar such orders have been issued to other telecom and internet companies, the sources said.

Yet it also reports that both Intelligence Committees are investigating more about this request (which tells you something about Reuters’ potential sources and how much the spooks’ overseers actually know about this).

The intelligence committees of both houses of Congress, which are given oversight of U.S. spy agencies, are now investigating the exact nature of the Yahoo order, sources said.

For what it’s worth, at least until 2012, I think NSA and FBI might have been able to request this scan under 702; there are a bunch of court decisions, including one associated with what got reported as an upstream violation in 2012, that we haven’t seen on this point though. But particularly given Reuters’ discussion of a “warrant” — which is more often used with traditional FISA — I suspect NYT is correct on this.

“Hard” and “soft,” and “upstream,” “about,” and “PRISM” are confusing the debate

The source of the confusion seems to stem from two separate sets of vocabulary that are unhelpful in understanding how FISA works.

The first set has to do with “hard” and “soft” selectors, language used in XKeyscore, which basically conducts boolean searches of buffered Internet traffic. Hard selectors are name, email, or phone identifiers associated with a specific person. Soft selectors are characteristics that can range from geographic location to specific code — so a search might ask for users of the encryption tool Mujahadeen Secrets in Syria, for example, which will return a bunch of people whose identities may not be known but whose activities warrant interest. Soft selectors can include searches on what counts as “content,” but they also search on what counts as metadata.

I think the hard/soft distinction is misleading because — as far as I know — FISA has always operated on single selectors, not boolean searches. NSA isn’t asking providers — whether they’re phone companies or Internet providers — to go find people who are in interesting places and use interesting crypto (though AT&T may be an exception to this rule). Rather, they’re asking for communications obtained by searching on specific selectors.

To be sure, for each target, there will be a range of selectors, often a huge number of them. Even for one person, as I have noted, NSA and FBI probably know of at least a hundred selectors. One Google subpoena response I examined, for examined, included 15 “hard” identifiers for just one person (and multiply that by any major Internet service a person used). For a targeted organization like “Russian GRU hackers,” the NSA will probably have still more. But — again, as far as we know — FISA providers are asked to return data based off known selectors. But as I’ll show below, they’ve been asked to return data off selectors that would count as both hard and soft under XKeyscore.

The other set of confusing vocabulary comes from public debates about FISA (including PCLOB’s report on Section 702). Some debates have made a distinction between “upstream” and “PRISM.” Upstream is when NSA gives the telecoms a selector to collect information from scans conducted at switches, but it fundamentally refers to how something is collected, not who does it (and it’s possible there are backbone providers we haven’t thought of who also participate). PRISM is when NSA/FBI give Internet providers selectors to return activity on; it’s a description of from whom the information is collected. But even there, a PRISM provider will provide far more than just the email associated with a given selector.

Sometimes “upstream” collection is referred to as “about” collection. That’s misleading. “About” collection — that is, communications that contain a selector in what counts as content areas of the communication — is a subset of upstream collection. But what is really happening is that when the telecoms sniff packets to find a given selector, they need to sniff both the header and content to get all the communications they’re after, which is what PCLOB is saying here.

With regard to the NSA’s acquisition of “about” communications, the Board concludes that the practice is largely an inevitable byproduct of the government’s efforts to comprehensively acquire communications that are sent to or from its targets. Because of the manner in which the NSA conducts upstream collection, and the limits of its current technology, the NSA cannot completely eliminate “about” communications from its collection without also eliminating a significant portion of the “to/from” communications that it seeks. The Board includes a recommendation to better assess “about” collection and a recommendation to ensure that upstream collection as a whole does not unnecessarily collect domestic communications.

One hazard of using “about” to refer to “upstream” collection is it leads people to forget that the NSA needs to use upstream collection to comprehensively collect non-PRISM Internet traffic, even when working just from “hard” selectors like email addresses. Some of this collection (as the PCLOB passage above makes clear) is just looking for any emails involving a target, not emails talking “about” that target. But at least according to PCLOB, because of the way this collection is done, even if NSA is only searching for a hard selector email, it will get “about” traffic.

As you can see, however, this language is already going to be insufficient to discuss the Yahoo request, which is effectively an “upstream” search on a PRISM providers’ content (though I’m not clear whether it happens at the packet level or not). We also don’t yet know whether the signature involved counts as content, but the filters Yahoo adapted for the process clearly scan the content.

Public discussions have hidden how 702 includes non-email selectors

But the bigger problem with this discussion is that people are confused about what FISA permits the government to search on.

One huge shortcoming of the PCLOB report — one I pointed out at the time — is that it pretended that Section 702 was not used for cybersecurity. That’s unfortunate because cybersecurity is the area where Section 702 most obviously includes non-email selectors, what would be called “soft” selectors in XKeyscore. When I first confirmed that NSA was using 702 for cybersecurity back when I briefly worked at the Intercept, it was based off the search on a cyber “signature,” not an email. The target was a (state-sanctioned) hacker, but the search was not for the hacker’s email, but for his tools.

Here’s how PCLOB briefly alluded to this activity.

Although we cannot discuss the details in an unclassified public report, the moniker “about” collection describes a number of distinct scenarios, which the government has in the past characterized as different “categories” of “about” collection. These categories are not predetermined limits that confine what the government acquires; rather, they are merely ways of describing the different forms of communications that are neither to nor from a tasked selector but nevertheless are collected because they contain the selector somewhere within them.

The Semiannual reports are one place where the government has officially admitted that it searches on more than just email addresses.

Section 702 authorizes the targeting of non-United States persons reasonably believed to be located outside the United States. This targeting is effectuated by tasking communication facilities (also referred to as “selectors”), including but not limited to telephone numbers and electronic communications accounts, to Section 702 electronic communication service providers. [my emphasis]

As I said, the Snowden documents confirm that NSA has searched on malware signatures. Given the obvious application and the non-denials I have gotten from various quarters, I would bet a great deal of money that NSA has also searched on some signature associated with AQAP’s Inspire magazine, effectively allowing it to track anyone who downloads (or decrypts) the magazine.

In a series of tweets yesterday, Snowden confirmed that the scope is even more broad.

In practical terms, this means anything you can convince FISC to stamp. At NSA, I saw live examples of the following:

The usual suspects (emails, IPs, usernames, etc), but also cryptographic hashes that identify known files (MD5/SHA1), sub-strings from base-64 encoded email attachments (derived from things like embedded corporate logos), and any uncommon artifacts arising from a target’s tooling, for example if their app transmits a UUID (like a registration code or serial).

The possibilities here are basically limitless, and we can’t infer the specific nature of the string without more info.

The point is, “upstream” collection — whether done at a telecom switch or a tech server — can (and will, so long as FISC will authorize it) search on any string that will return the communications of interest, with “communications” extending to include “cyberattacks conducted by disembodied code.”

To understand FISA collection, then, it is best to think in terms of selectors or facilities that will return a desired target. Here’s some language from an Semiannual report that explains the distinction between target and facility (and why the classified numbers in the report are undoubtedly much larger than the unclassified 92,000 “target” number we’re given to explain the scope of FISA collection).

The provided number of facilities on average subject to acquisition during the reporting period remains classified and is different from the unclassified estimated number of targets affected by Section 702 released on June 26, 2014, by ODNI in its 2013 Transparency Report: Statistical Transparency Report Regarding Use of National Security Authorities (hereafter the 2013 Transparency Report). The classified number provided in the table above estimates the number of facilities subject to Section 702 acquisition, whereas the unclassified number provided in the 2013 Transparency Report estimates the number of targets affected by Section 702 (89,138). As noted in the 2013 Transparency Report, the “number of 702 ‘targets’ reflects an estimate of the number of known users of particular facilities (sometimes referred to as selectors) subject to intelligence collection under those Certifications.” Furthermore, the classified number of facilities in the table above accounts for the number of facilities subject to Section 702 acquisition during the current six month reporting period (e.g., June 1, 2013 – November 30, 2013), whereas the 2013 Transparency Report estimates the number of targets affected by Section 702 during the calendar year 2013.

As explained above, for any given target, there may be a slew of selectors or facilities that NSA can collect on (though they probably only collect on a limited selection of all the selectors they know; they use the other selectors to make sure they can find all the online activity of someone). The government tracks this internally by counting how many average selectors or facilities are targeted in a given day. These numbers will get more interesting, by the way, once the numbers incorporate USA Freedom Act compliance, which (in my opinion) significantly serves to require providers to provide all known selectors, that is, to even further expand the universe of known selectors.

A history of the word “facility”

But to understand the background to the Yahoo thing, it is absolutely necessary to understand how the word “facility” has evolved within FISC (and we only have access to some of this). As far as we know, the meaning of the word started to change in 2004 when Coleen Kollar-Kotelly approved the installation of “Pen Registers” (really, packet sniffers) at switches to accomplish with the Internet dragnet what Stellar Wind had been doing (that is, the collection of Internet metadata in bulk), based on the logic that al Qaeda was using those facilities to communicate. Her ruling changed the definition of facility from meaning an individual user (a phone number or email address) to many users including the target. When Kollar-Kotelly first approved it, she required the government to tell her which specific switches they were going to target — that is, which switches were likely to carry traffic from target countries like Yemen and Afghanistan. But when John Bates reauthorized the Internet dragnet in 2010, he let the government decide on a rolling basis which facilities it would collect metadata from.

Thus, starting in 2004 and expanded in 2010, “facility” — the things targeted under FISA — no longer were required to tie to an individual user or even a location exclusively used by targeted users.

When Kollar-Kotelly authorized the Internet dragnet, she distinguished what she was approving, which did not require probable cause, from content surveillance, where probable cause was required. That is, she tried to imagine that the differing standards of surveillance would prevent her order from being expanded to the collection of content. But in 2007, when FISC was looking for a way to authorize Stellar Wind collection — which was the collection on accounts identified through metadata analysis — Roger Vinson, piggybacking Kollar-Kotelly’s decision on top of the Roving Wiretap provision, did just that. That’s where “upstream” content collection got approved. From this point forward, the probable cause tied to a wiretap target was freed from a known identity, and instead could be tied to probable cause that the facility itself was used by a target.

There are several steps between how we got from there to the Yahoo order that we don’t have full visibility on (which is why PCLOB should have insisted on having that discussion publicly). There’s nothing in the public record that shows John Bates knew NSA was searching on non-email or Internet messaging strings by the time he wrote his 2011 opinion deeming any collection of a communication with a given selector in it to be intentional collection. But he — or FISC institutionally — would have learned that fact within the next year, when NSA and FBI tried to obtain a cyber certificate. (That may be what the 2012 upstream violation pertained to; see this post and this post for some of what Congress may have learned in 2012.) Nor is there anything in the 2012 Congressional debate that shows Congress was told about that fact.

One thing is clear from NSA’s internal cyber certificate discussions: by 2011, NSA was already relying on this broader sense of “facility” to refer to a signature of any kind that could be associated with a targeted user.

The point, however, is that sometime in the wake of the 2011 John Bates opinion on upstream, FISC must have learned more about how NSA was really using the term. It’s not clear how much of Congress has been told.

The leap from that — scanning on telephone switches for a given target’s known “facility” — to the Yahoo scan is not that far. In his 2010 opinion reauthorizing the Internet dragnet, Bates watered down the distinction between content and metadata by stripping protection for content-as-metadata that is also used for routing purposes. There may be some legal language authorizing the progression from packets to actual emails (though there’s nothing that is unredacted in any Bates opinion that leads me to believe he fully understood the distinction). In any case, FISCR has already been blowing up the distinction between content and metadata, so it’s not clear that the Yahoo request was that far out of the norm for what FISC has approved.

Which is not to say that the Yahoo scan would withstand scrutiny in a real court unaware of the FISC precedents (including the ones we haven’t yet seen). It’s just to say we started down this path 12 years ago, and the concept of “facilities” has evolved such that a search for a non-email signature counts as acceptable to the FISC.

If a facility is not a user, then how do you determine foreignness?

[Update: I realize this discussion is, given the increasing certainty that the Yahoo scan was done under an individual FISA order, irrelevant for the Yahoo case, because FBI has been cleared to collect on signatures in the US. But the issue is still an important one when discussing “facilities” that have been divorced from a geographically located user.]

There’s one final thing we don’t have visibility on.

When Kollar-Kotelly started down this path, she focused on facilities that were foreign-facing. That is, there was a high likelihood messages transiting those switches were one-side foreign, and therefore targetable, certainly for a PRTT. But as I noted, that foreign-facing distinction got badly watered down in 2010. And Yahoo’s entire universe of emails would not be particularly foreign focused (though a lot of foreigners use Yahoo).

The question is, if NSA or FBI is targeting a facility that is not tied to a given user, but is instead tied to an organization that is located overseas, how does the government determine foreignness on a signature? NSA’s General Counsel would permit analysts to collect on but not target metadata of, say, bots in the US based on the assumption that the ultimate source of the bot was overseas. If the signature that FBI searches on derives from overseas — as in the case where Inspire magazine is produced overseas — does that by itself deem a communication involving that signature to be “located” overseas, and therefore targetable.

I suspect that may be why NYT’s sources emphasized that the target of the Yahoo search was a state-sponsored terrorist organization, rather than just a terrorist organization, because by definition that state would be overseas. But I also suspect that a lot of the recent troubles at NSA pertaining to “roving” selectors stems from the ambiguity that arises when you start targeting selectors that are not by definition geographically bounded.

The way the government targets facilities is constitutionally problematic in any case. But this question of foreignness seems to present both statutory and constitutional problems.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

HPSCI: We Must Spy Like Snowden To Prevent Another Snowden

I was going to write about this funny part of the HPSCI report anyway, but it makes a nice follow-up to my post on Snowden and cosmopolitanism, on the importance of upholding American values to keeping the servants of hegemon working to serve it.

As part of its attack on Edward Snowden released yesterday, the House Intelligence Committee accused Snowden of attacking his colleagues’ privacy.

To gather the files he took with him when he left the country for Hong Kong, Snowden infringed on the privacy of thousands of government employees and contractors. He obtained his colleagues’ security credentials through misleading means, abused his access as a systems administrator to search his co-workers’ personal drives, and removed the personally identifiable information of thousands of IC employees and contractors.

I have no doubt that many — most, perhaps — of Snowden’s colleagues feel like he violated their privacy, especially as their identities are now in the possession of a number of journalists. So I don’t make light of that, or the earnestness with which HPSCI’s sources presumably made this complaint (though IC employee privacy is one of the things all journalists who have reported these stories have redacted, to the best of my knowledge).

But it’s a funny claim for several reasons. Even ignoring that what the NSA does day in and day out is search people’s personal communications (including millions of innocent people), this kind of broad access is the definition of a SysAdmin.

HPSCI apparently never had a problem with techs getting direct access to our dragnet metadata, as they had and (now working in pairs) still have, for those of us two degrees away from a suspect.

Plus, HPSCI has never done anything publicly to help the 21 million clearance holders whose PII China now holds. Is it possible they’re more angry at Snowden than they are at China’s hackers, who have more ill-intent than Snowden?

But here’s the other reason this complaint is laugh-out-loud funny. HPSCI closes its report this way:

Finally, the Committee remains concerned that more than three years after the start of the unauthorized disclosures, NSA and the IC as a whole, have not done enough to minimize the risk of another massive unauthorized disclosure. Although it is impossible to reduce the change of another Snowden to zero, more work can and should be done to improve the security of the people and the computer networks that keep America’s most closely held secrets. For instance, a recent DOD Inspector General report directed by the Committee had yet to effectively implement its post-Snowden security improvements. The Committee has taken actions to improve IC information security in the Intelligence Authorization Acts for Fiscal Years 2014, 2015, 2016, and 2017, and looks forward to working with the IC to continue to improve security.

First, that timeline — showing an effort to improve network security in each year following the Snowden leaks — is completely disingenuous. It neglects to mention that the Intel Committees have actually been trying for longer than that. In the wake of the Manning leaks, it became clear that DOD’s networks were sieve-like. Congress tried to require network monitoring in the 2012 Intelligence Authorization. But the Administration responded by insisting 2013 — 3 years after Manning’s leaks — was too soon to plug all the holes in DOD’s networks. One reason Snowden succeeded in downloading all those files is because the network monitoring hadn’t been rolled out in Hawaii yet.

So HPSCI is trying to pretend Intel Committee past efforts didn’t actually precede Snowden by several years, but those efforts failed to stop Snowden.

The other reason I find this paragraph — which appears just four paragraphs after it attacks Snowden for the invasion of his colleagues’ privacy — so funny is that in the 2014 Intelligence Authorization (that is, the first one after the Snowden leaks), HPSCI codified an insider threat program, requiring the Director of National Intelligence to,

ensure that the background of each employee or officer of an element of the intelligence community, each contractor to an element of the intelligence community, and each individual employee of such a contractor who has been determined to be eligible for access to classified information is monitored on a continual basis under standards developed by the Director, including with respect to the frequency of evaluation, during the period of eligibility of such employee or officer of an element of the intelligence community, such contractor, or such individual employee to such a contractor to determine whether such employee or officer of an element of the intelligence community, such contractor, and such individual employee of such a contractor continues to meet the requirements for eligibility for access to classified information;

This insider threat program searches IC employees hard drives (one of Snowden’s sins).

Then, the following year, HPSCI got even more serious, mandating that the Director of National Intelligence look into credit reports, commercially available data, and social media accounts to hunt down insider threats, including by watching for changes in ideology like those Snowden exhibited, developing an outspoken concern about the Fourth Amendment.

I mean, on one hand, this isn’t funny at all — and I imagine that Snowden’s former colleagues blame him that they have gone from having almost no privacy as cleared employees to having none. This is what people like Carrie Cordero mean when they regret the loss of trust at the agency.

But as I have pointed out in the past, if someone like Snowden — who at least claims to have had good intentions — can walk away with the crown jewels, we should presume some much more malicious and/or greedy people have as well.

But here’s the thing: you cannot, as Cordero does, say that the “foreign intelligence collection activities [are] done with detailed oversight and lots of accountability” if it is, at the same time, possible for a SysAdmin to walk away with the family jewels, including raw data on targets. If Snowden could take all this data, then so can someone maliciously spying on Americans — it’s just that that person wouldn’t go to the press to report on it and so it can continue unabated. In fact, in addition to rolling out more whistleblower protections in the wake of Snowden, NSA has made some necessary changes (such as not permitting individual techs to have unaudited access to raw data anymore, which appears to have been used, at times, as a workaround for data access limits under FISA), even while ratcheting up the insider threat program that will, as Cordero suggested, chill certain useful activities. One might ask why the IC moved so quickly to insider threat programs rather than just implementing sound technical controls.

The Intelligence world has gotten itself into a pickle, at once demanding that a great deal of information be shared broadly, while trying to hide what information that includes, even from American citizens. It aspires to be at once an enormous fire hose and a leak-proof faucet. That is the inherent impossibility of letting the secret world grow so far beyond management — trying to make a fire hose leak proof.

Some people in the IC get that — I believe this is one of the reasons James Clapper has pushed to rein in classification, for example.

But HPSCI, the folks overseeing the fire hose? They don’t appear to realize that they’re trying to replicate and expand Snowden’s privacy violations, even as they condemn them.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

A Cosmopolitan Defense of Snowden

A bunch of human rights groups have started a campaign calling on President Obama to pardon Edward Snowden, to coincide with the release of the Snowden movie today.

With regards to Snowden’s fate, I believe — as I have from the start — that US interest would have been and would be best served if a safe asylum for Snowden were arranged in a friendly country. I had said France at the time, but now Germany would be the obvious location. Obama is not going to pardon Snowden, and Presidents Hillary or Trump are far less likely to do so, not least because if a president pardoned Snowden it would be an invitation for a metaphorical or literal assassination attempt. But I also think it would have always served US interests to keep Snowden out of a place like Russia. That ship has already sailed, but I still think we insist on making it impossible for him to leave Russia (by pressuring allies like Germany that might otherwise have considered asylum) largely out of self-destructive motives, an urge to prove our power that often overrides our interests.

That’s all background to recommending you read this post from Jack Goldsmith arguing against pardon for Snowden. While I disagree with big parts of it, it is the most interesting piece I’ve seen on the Snowden pardon question, for or against.

Like me, Goldsmith believes there’s no chance Snowden will get a pardon, even while admitting that Snowden’s disclosures brought worthwhile transparency to the Intelligence Community. Unlike me, he opposes a pardon, in part, because of the damage Snowden did, a point I’ll bracket for the moment.

More interestingly, Goldsmith argues that a pardon should be judged on whether Snowden’s claimed justification matches what he actually did.

Another difficulty in determining whether a pardon is warranted for Snowden’s crimes is that the proper criteria for a pardon are elusive.  Oliver Wendell Holmes once declared that a pardon “is the determination of the ultimate authority that the public welfare will be better served by inflicting less” than what the criminal law specified.  But how to measure or assess the elusive public welfare?  The Constitution delegates that task exclusively to the President, who can use whatever criteria he chooses.  Many disagreements about whether a pardon is appropriate are at bottom disagreements about what these criteria should be.  Some will question whether Snowden should be pardoned even if his harms were trivial and the benefits he achieved were great.  Indeed, presidents don’t usually grant pardons because a crime brought benefits.  My own view is that in this unusual context, it is best to examine the appropriateness of a pardon in the first instance through an instrumental lens, and also to ask how well Snowden’s stated justification for his crimes matches up with the crimes he actually committed.

Goldsmith goes on to engage in what I consider a narrowly bracketed discussion of Snowden’s leaks about violations of US law (for example, he, as everyone always does, ignores NSA double dipping on Google and Yahoo servers overseas), claiming to assess whether they were violations of the Constitution, but in fact explicitly weighing whether they were a violation of the law.

His exposure of the 702 programs (PRISM and upstream collection) is harder to justify on these grounds, because these programs were clearly authorized by public law and have not sparked nearly the same criticism, pushback, or reform.

After substituting law for Constitution, the former OLC head (the guy who approved of much of Stellar Wind by claiming FISA exclusivity didn’t really mean FISA exclusivity) makes what is effectively an Article II argument — one nowhere nearly as breathtaking as Goldsmith’s Stellar Wind one. Most of Snowden’s leaks can’t be unconstitutional, Goldsmith argues, because they took place overseas and were targeted at non-US persons.

What I do not get, and what I have never seen Snowden or anyone explain, is how his oath to the U.S. Constitution justified the theft and disclosure of the vast number of documents that had nothing to do with operations inside the United States or U.S. persons.  (Every one of the arguments I read for Snowden’s pardon yesterday focused on his domestic U.S. revelations and ignored or downplayed that the vast majority of revelations that did not involve U.S. territory or citizens.)  To take just a few of hundreds of examples, why did his oath to the Constitution justify disclosure that NSA had developed MonsterMind, a program to respond to cyberattacks automatically; or that it had set up data centers in China to insert malware into Chinese computers and had penetrated Huawei in China; or that it was spying (with details about how) in many other foreign nations, on Bin Laden associate Hassam Ghul’s wife, on the UN Secretary General,  and on the Islamic State; or that it cooperates with intelligence services in Sweden and Norway to spy on Russia?; and so on, and so on.  These and other similar disclosures (see here for many more) concern standard intelligence operations in support of national security or foreign policy missions that do not violate the U.S. Constitution or laws, and that did extraordinary harm to those missions.  The losses of intelligence that resulted are not small things, since intelligence information, and especially SIGINT, is a core element of American strength and success (and not just, as many seem to think, related to counterterrorism).  It doesn’t matter that leaks in this context sparked modest reforms (e.g., PPD 28).  The Constitution clearly permits foreign intelligence surveillance, and our elected representatives wanted these obviously lawful practices to remain secret.

Having laid out a (compared to his Stellar Wind defense) fairly uncontroversial argument about the current interpretation of the Constitution reserving wiretapping of non-Americans to the President (though my understanding of the actual wiretapping in the Keith decision, of Americans in Africa, would say Presidents can’t wiretap Americans overseas without more process than Americans’ communications collected under bulk collection overseas currently get), Goldsmith goes onto make his most important point.

The real defense of Snowden stems not from our own Constitution, but from a moral and ethical defense of American values.

What might be the moral and ethical case for disclosing U.S. intelligence techniques against other countries and institutions?  (I will be ignore possible cosmopolitan impulses for Snowden’s theft and leaks, which I think damage the case for a pardon for violations of U.S. law.)  I think the most charitable moral/ethical case for leaking details of electronic intelligence operations abroad, including against our adversaries, is that these operations were harming the Internet, were hypocritical, were contrary to American values, and the like, and Snowden’s disclosures were designed to save the Internet and restore American values.  This is not a crazy view; I know many smart and admirable people who hold it, and I believe it is ethically and morally coherent.

This is a remarkable paragraph. First, it defines what is, I think, the best defense of Snowden. American values and public claims badly conflict with what we were and still are doing on the Internet. I’d add, that this argument also works to defend Chelsea Manning’s leaks: she decided to leak when she was asked to assist Iraqi torture in the name of Iraqi liberation, a dramatic conflict of US stated values with our ugly reality.

But the paragraph is also interesting for the way Goldsmith, almost as an aside, “ignore[s] possible cosmopolitan impulses for Snowden’s theft and leaks, which I think damage the case for a pardon for violations of U.S. law.” I take this to argue that if you’re leaking to serve some universal notion of greater good — some sense of world citizenship — then you can’t very well ask to be pardoned by US law. Perhaps, in that case, you can only ask to be pardoned by universal or at least international law. I’ll come back to this.

Goldsmith contrasts the moral and ethical case based on American values with his own, a moral and ethical one that justifies US spying to serve US interests in a complex and dangerous world.

But it is also not a crazy view, and it is also ethically and morally coherent, to think that U.S. electronic intelligence operations abroad were entirely lawful and legitimate efforts to serve U.S. interests in a complex and dangerous world, and that Snowden’s revelations violated his secrecy pledges and U.S. criminal law and did enormous harm to important American interests and values.

For the record, I think Snowden has said some of US spying does serve US interests in a complex and dangerous world. But from that view, the old defender of Article II argues that a President — the guy or gal who by definition is the only one can decide to pardon Snowden — must always adhere to the latter (Goldsmith’s) moral and ethical stance.

Unfortunately for Snowden’s pardon gambit,  President Obama, and any one who sits in the Oval Office charged with responsibility for American success around the globe, will (and should) embrace the second moral/ethical perspective, and will not (and should not) countenance the first moral/ethical perspective, which I take to be Snowden’s.

Goldsmith then ends where I began, with a more polite explanation that any president that pardoned Snowden would be inviting metaphorical or literal assassination. He also suggests the precedent would lead to more leaks. But that seems to ignore 1) that Snowden leaked even after seeing what they did to Manning (that is, deterrence doesn’t necessarily work) 2) the Petraeus precedent has already exposed the classification system as one giant load of poo.

Anyway, by my reading, Goldsmith argues that this debate pits those motivated out of American values versus those motivated out of perceived American interests, and that any President must necessarily operate from the latter.

I’m interested in that because I think the former motivation really does explain a goodly number of the leakers and whistleblowers I know. People a generation older than me, I think, may have been true believers in the fight against the Evil Empire during the Cold War, only to realize we risk becoming the Evil Empire they spent their life fighting. Every time I see Bill Binney, he makes morbid cracks about how he was the guy who invented “Collect it all,” back when he was fighting Russia. People a generation younger than me — Snowden, Manning, and likely a lot more — more often responded out of defense of all that is great in America after 9/11, only to find that that we have not adhered to that greatness in prosecuting the war on terror. These are gross generalizations. But I think the conflict is real among a lot of people, and it’s one that will always fight increasingly diligent efforts to tamp down dissent.

That said, I want to note something else Goldsmith did, while making his aside that anyone making a cosmopolitan defense of Snowden cannot ask for a pardon under US law (a view I find fairly persuasive, which may be why I think a reasonable outcome is for Snowden to live out his life in Germany). In making that aside, Goldsmith effectively dismissed the possibility that living US values rather than interests might be both cosmopolitan and in our national interest.

I’ve talked about this repeatedly — the degree to which Snowden’s disclosures (and, to a lesser extent, Manning’s) served to expose some lies that are critical to American hegemony. Our hegemonic position relies — according to people like Goldsmith and, perhaps in reality, though the evidence is mixed — on our global dragnet, which in turn serves our global military presence. But it has also relied on an ideology, every bit as important as ideology was during the Cold War, that espoused democracy and market capitalism and, underscoring both of those, a belief in the worth of every individual (and by extension, individual nation) to compete on equal terms. Without that ideology, we’re just a garden variety empire, which is a lot harder to sustain because it requires more costly (in terms of dollars and bodies) coercion rather than persuasion.

And Snowden’s leaks showed we used our preferential position astride the world’s telecommunications network and our claim to serve freedom of expression to serve as the hegemon. Hell, the aftermath of that shows it even more! Country after country has backed off giving Snowden asylum — the proper cosmopolitan resolution — because the US retains enough raw power and/or access to the fruits of the dragnet to persuade countries that’s not in their “interest.”

This is an issue that has gotten far too little attention in the wake of the Snowden leaks: to what degree is the cost of the Snowden leaks measured in terms of exposing to the subjects of our hegemon facts that their leaders already knew (either because they were and are willing co-participants in the spying or knowledgeable adversaries engaged in equally ambitious but less effective surveillance)? I don’t doubt there are individual programs that have been compromised, though thus far the IC has badly hurt its case by making claims (such as that Al Qaeda only adopted encryption in response to Snowden, or that Snowden taught terrorists how to use burner phones) that are easily falsifiable. But a big part of the leaks are about the degree to which the US can (and does passively in many cases via bulk collection) spy on everyone.

But to me, the big cost has been in terms of exposing America’s hegemonic ideology as the fiction that ideologies always become if they aren’t from the start.

Note, I fully accept that that may be an unacceptable cost. America’s hegemony was already weakening; I believe Snowden’s disclosures simply accelerated that. It is absolutely possible that the weakening of US hegemony will create a vacuum of power that will leave chaos. That chaos may, may have already, led to a desire for strongmen in response. There were outside factors playing into all of this. The Iraq War did far more to rot America’s hegemonic virtue than Edward Snowden’s leaks ever could have. And it’s not clear that an empire based on oil can provide the leadership we need to fight climate change, which will increasingly be the source of chaos. But I accept that it is possible Snowden accelerated a process that may lead to horrible outcomes.

Here’s the thing, though: this younger generation of leakers — of dissident servants of the hegemon — don’t need to be cured of a lifetime of ideology. It may take, as it did with Manning, no more than critical assessment of some flyers confiscated by our so-called partners in liberation for the ideology cementing our hegemonic authority to crumble.

Our hegemony depends on the ideology of our values. That seems to both have been the trigger for and may justify the cosmopolitan interest in exposing our hypocrisy. And whether or not Americans should give a shit about the freedom of non-American subjects of the hegemon, to the extent that servants of that ideology here find the hypocrisy unsustainable, we’re likely to have more Mannings and more Snowdens.

Our global dragnet may very well serve the ethics of those who serve presidentially-defined American interests. As such, Snowden’s leaks are surely seen as unforgivable damage.

But it is also possible that American hegemony is only — was only — sustainable to the degree that we made sure that global dragnet was limited by the values that have always been critical to the ideology underlying our hegemony.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.