Posts

Ron Wyden’s History of Bogus Excuses for Not Counting 702 US Person Collection

/6 Comments/in , /by

The other day, Ron Wyden gave a long speech on FISA Section 702, purportedly explaining why he was voting against Dan Coats to be Director of National Intelligence. Wyden voted against Coats because his former colleague would not commit to providing a number of the number of Americans swept up under Section 702. Given that it’s always a good idea to read Wyden closely, I wanted to summarize what he said. I’ll look at his complaints in a separate post, but for now I wanted to focus on Wyden’s description of the bogus explanations James Clapper and others gave Wyden in his past efforts to get the number of Americans sucked up in 702. I summarized the known exchanges that occurred on this issue before Clapper’s famous “not wittingly” lie here.

In 2011, both Wyden and John Bates were asking for numbers at the same time — NSA refused both

The first request for a count is temporally significant(update: I think I just missed this one in the past). In April 2011, Wyden and Mark Udall asked for the number.

In April of 2011, our former colleague, Senator Mark Udall, and I then asked the Director of National Intelligence, James Clapper, for an estimate.

According to Clapper’s response, they sent a written letter with the request on July 14, 2011. The timing of this request is critically important because it means Wyden and Udall made the request during the period when NSA and FISA Judge John Bates were discussing the upstream violations (see this post for a timeline). As part of that long discussion Bates had NSA do analysis of how often it collected US person communications that were completely unrelated to a targeted one (MCTs). Once Bates understood the scope of the problem, he asked how many US person communications it collected that were a positive hit on the target that were the only communication collected (SCTs).

But the timing demands even closer scrutiny. On July 8, John Bates went to DOJ to express “serious concerns” — basically, warning them he might not be able to reauthorize upstream surveillance. On July 14 — the same day Wyden and Udall asked Clapper for this information — DOJ asked Bates for another extension to respond to his questions, promising more information. Clapper blew off Wyden and Udall’s request in what must be record time — on July 26. On August 16, DOJ provided their promised additional information to Bates. That ended up being a count of how many Americans were affected in MCTs.

That means Clapper claimed he couldn’t offer a number even as NSA was doing precisely the kind of count that Wyden and Udall wanted, albeit for just one kind of 702 collection. And, as Wyden suggested in his speech, Clapper’s answer was non-responsive, answering how many US persons had their communications reviewed, rather than how many had their communications collected.

In July of that year, the director wrote back and said, and I quote, it was not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under the authority of the Foreign Intelligence Surveillance Act. He suggested reviewing the classified number of disseminated intelligence reports containing a reference to a U.S. Person, but that is very different than the number of Americans whose communications have been collected in the first place. And that’s what this is all about.

Then, after the government presented the information on how many US persons were collected via MCTs to Bates in August, Bates asked them to go back and count SCTs.

NSA refused.

Both FISC and members of SSCI were asking for this information in the same time period, and NSA refused to provide the count.

Since NSA wouldn’t help him, Bates invented an estimate himself, calculating that some 46,000 entirely domestic communications were collected under upstream collection each year.

NSA’s manual review focused on examining the MCTs acquired through NSA’s upstream collection in order to assess whether any contained wholly domestic communications. Sept. 7, 2011 Hearing Tr. at 13-14. As a result, once NSA determined that a transaction contained a single discrete communication, no further analysis of that transaction was done. See Aug. 16 Submission at 3. After the Court expressed concern that this category of transactions might also contain wholly domestic communications, NSA conducted a further review. See Sept. 9 Submission at 4. NSA ultimately did not provide the Court with an estimate of the number of wholly domestic “about” SCTs that may be acquired through its upstream collection. Instead, NSA has concluded that “the probability of encountering wholly domestic communications in transactions that feature only a single, discrete communication should be smaller — and certainly no greater — than potentially encountering wholly domestic communications within MCTs.” Sept. 13 Submission at 2.

The Court understands this to mean that the percentage of wholly domestic communications within the universe of SCTs acquired through NSA’s upstream collection should not exceed the percentage of MCTs within its statistical sample. Since NSA found 10 MCTs with wholly domestic communications within the 5,081 MCTs reviewed, the relevant percentage is .197% (10/5,081). Aug. 16 Submission at 5.

NSA’s manual review found that approximately 90% of the 50,440 transactions in the same were SCTs. Id. at 3. Ninety percent of the approximately 13, 25 million total Internet transactions acquired by NSA through its upstream collection during the six-month period, works out to be approximately 11,925,000 transactions. Those 11,925,000 transactions would constitute the universe of SCTs acquired during the six-month period, and .197% of that universe would be approximately 23,000 wholly domestic SCTs. Thus, NSA may be acquiring as many as 46,000 wholly domestic “about” SCTs each year, in addition to the 2,000-10,000 MCTs referenced above.

Presumably, Wyden learned that NSA had been doing such a count in October, well after Clapper had given his first non-responsive answer.

The 2012 privacy violation claim

Wyden skips the next request he made, when on May 4, 2012, he and Udall asked the Intelligence Community Inspector General Charles McCullough for a number (I laid out the timing of the request in this post). When they also tried to include language in the FAA reauthorization requiring the IGs to come up with a number, SSCI refused, citing their outstanding request to McCullough. Of course, McCullough did not get back to the Senators with his refusal to do such a count until after the bill had passed out of committee. He responded by saying NSA IG George Ellard didn’t have the capacity for such a review, and besides, it would violate the privacy of Americans to find out how much NSA was violating their privacy.

I defer to his conclusion that obtaining such an estimate was beyond the capacity of his office and dedicating sufficient additional resources would likely impede the NSA’s mission. He further stated that his office and NSA leadership agreed that an IG review of the sort suggested would itself violate the privacy of U.S. persons.

Clapper blows off 12 Senators

In response, Wyden rounded up some privacy minded Senators to sign onto a letter asking for an estimate of the number. In this week’s speech, Wyden noted that he said he’d be willing to take an estimate. He didn’t remind his listeners that he and his friends also asked whether such an estimate had been done.

  • Have any entities made any estimates — even imprecise estimates — about how many US communications have been collected under section 702 authorities?

The answer to that question — at least with regards to upstream collection — was yes. NSA had estimated the MCTs and Bates, using their estimate, had made an even rougher estimate of the SCTs. But as I noted here, members of Congress relying on the purported disclosure to Congress about the upstream violations wouldn’t know that — or that the upstream violations involved entirely US person collection. As Wyden noted in his speech, Congress didn’t get this information before the reauthorized FAA.

We still got no answer. And section 702 was reauthorized without this necessary information.

Clapper’s least untruthful answer

Wyden also doesn’t address Clapper’s famous March 2013 lie. Since the exposure of the phone dragnet, most discussions have assumed Wyden was probing only about that program. But the question, as asked, absolutely applied to incidental collection.

Wyden: Does the NSA collect any type of data, at all, on millions, or hundreds of millions of Americans?

Clapper: No sir.

Wyden: It does not?

Clapper: There are cases where they could inadvertently, perhaps, uh, collect, but not wittingly.

Indeed, several of Clapper’s many excuses claim he was thinking of content when he responded. Even if he were, his first answer would still be yes: the NSA collects on so many millions of Americans incidentally that it refuses to count it. But Clapper’s “not wittingly” response is almost certainly not a goof, since he gave it after Wyden had provided a day’s warning the question would be asked and after two different John Bates’ opinions that made it clear that he would forgive the collection of content so long as NSA didn’t know about it, but once they knew about it, then it would become illegal. The not wittingly response reinforces my firm belief that the reason the government refuses to count this is because then a great deal of their Section 702 collection would be deemed illegal under those two FISC precedents.

Clapper’s blow-off becomes Dan Coats’ blow-off

Which is where Wyden brings us up to date, with both house of Congress asking for such a number and — after promises it would be forthcoming — not getting it.

So last year looking at the prospect of the law coming up, there was a renewed effort to find out how many law-abiding Americans are getting swept up in these searches of foreigners. In April 2016 a bipartisan letter from members of the House Judiciary Committee asked the Director of National Intelligence for a public estimate of the number of communications or transactions involving United States persons are collected under section 702 on an annual basis. This letter coming from the House Democrats and Republicans, again asked for a rough estimate. This bipartisan group suggested working with director clapper to determine the methodology to get this estimate.

In December there were hints in the news media that something might be forthcoming, but now we’re here with a new administration considering the nomination of the next head of the intelligence community who has said that reauthorizing section 702 is his top legislative priority and that there is no answer in sight to the question Democrats and Republicans have been asking for over six years. How many innocent law-abiding Americans are getting swept up in these searches under a law that targets foreigners overseas?

There’s one tiny tidbit he doesn’t mention here. Coats never answered that he wouldn’t provide an answer. Rather, he said he didn’t understand the technical difficulties behind providing one (not even after participating in the 2012 vote where this was discussed). In his confirmation hearing, Coats explained one reason why he couldn’t learn what the technical difficulties were before he was confirmed. When he resigned the Senate, his clearance had lapsed, and during his confirmation process, his new clearance was being processed. That meant that for this — and any other classified question that Coats might want to consider anew — he was unable to get information.

The Senate doesn’t seem to care about this serial obstruction, however. Coats was confirmed with an 85-12 vote, with the following Senators voting against confirmation.

Baldwin (D-WI)
Booker (D-NJ)
Duckworth (D-IL)
Gillibrand (D-NY)
Harris (D-CA)
Markey (D-MA)
Merkley (D-OR)
Paul (R-KY)
Sanders (I-VT)
Udall (D-NM)
Warren (D-MA)
Wyden (D-OR)

Given how hard the IC is trying to hide this, the actual exposure of US persons must be fairly significant. We’ll see whether Congress finds another way to force this information out of the IC.

Updated with more granular timing on the 2011 exchange.

FBI’s Surveillance Arbitrage, First Amendment Edition

/in /by

While I was cycling around Provence without a care in the world last week, DOJ’s Inspector General released an IG Report mandated by the USA Freedom Act. It reports on the use of Section 215 from 2012 to 2014 (which means NSA and FBI have successfully avoided any review of their 215 orders from 2010 and 2011, not to mention any review of CIA’s use of the provision). The key takeaway is that the application process to get Section 215 orders is very time consuming — over 100 days on average. Which is probably why Republican Senators have been trying to permit FBI to obtain Electronic Communications Transaction Records with just a National Security Letter since the report was released to Congress in June.

The report also noted a sharp drop-off in the use of 215 orders in recent years, which I’ve been tracking here.

Those two factors are useful background for some other details in the report, however. First, DOJ and FBI interviewees offered many explanations for the decline in Section 215 use, one of which is Edward Snowden, but two more credible ones of which are the use of other authorities to get the same information, Section 702 or grand jury subpoenas.

NSD and FBI personnel attributed the subsequent decline between 2013 and 2015 to several factors, including the stigma attached to the use of Section 215 authority following the Snowden revelations, increased use of Section 702 of the FISA Amendments Act, providers’ resistance to business records orders, agents’ frustrations with the lack of timeliness and level of oversight in the business records process, and agents’ increasing use of criminal legal process instead of FISA authority in counterterrorism and cyber investigations.

They key point, though, is for most uses, there are other ways to get the same information. There is a limit to that, though. Apparently, grand jury subpoenas are only possible for counterterrorism and cybersecurity investigations, not counterintelligence ones.

When asked about this disparity, agents told us that business records orders frequently are the only option available in counterintelligence investigations given the nature and classification of the information involved. By contrast, agents handling counterterrorism and cyber investigations can in some instances open a parallel criminal investigation and use the grand jury process to obtain the same information more quickly and with less oversight than a business records order.

That’s why I’m so interested in a discussion of the applications that got filed — in counterterrorism cases — but either not submitted or withdrawn from the FISC in this period.

screen-shot-2016-10-07-at-10-51-46-am

Remember, the way the government and FISC avoid rejected applications is by not submitting or withdrawing things that it is clear the FISC won’t approve. What this redacted section effectively says is that at least “several” requests based on a target’s statements about jihad were withdrawn, apparently in the wake of a February 2013 order from John Bates on what constitutes targeting for First Amendment reasons.

We’ve seen a heavily redacted version of that opinion. As I laid out here, it’s a classic John Bates opinion: it hems and haws about Executive Branch behavior, but then approves the behavior in question (at least in this case, Bates didn’t approve an expansion of the questionable behavior, as he did in 2010 with the Internet dragnet).

Effectively Bates appears to have objected to the use of a target’s language (perhaps, support for jihad without endorsement of specific threats) in obtaining a Section 215 order, but then pointed to other peoples’ behavior in finding that the order didn’t stem exclusively from First Amendment protected activities.

And the IG Report says that, apparently in the wake of that wishy-washy opinion, DOJ decided to withdraw several applications based on stated support for jihad.

Remember, in 2006, the FBI withdrew two attempts at a 215 order because of FISC’s First Amendment concerns only to get the same information with NSLs. (See page 68ff) Congress made a particularly big stink about it, because the FBI was acting on its own in spite of FISC’s disapproval.

This feels similar. That is, given that FBI was already moving its Section 215 orders to grand jury subpoenas because they’re easier to get and undergo less oversight, it sure seems likely these requests reappeared as such. Unlike the earlier IG report that confirmed FBI arbitraged surveillance authorities to get around First Amendment protections, this report appears not to have pursued the issue (as I understand it, the declassification of this report was handled exclusively through redactions).

They did, however, ask why DOJ doesn’t track applications that are withdrawn, to avoid the appearance that the FISC is a rubber stamp. DOJ’s answer was rather unpersuasive.

The FISA Court did not deny any business records applications between 2012 and 2014. When asked why applications withdrawn after submission of a read copy to the FISA Court were not reported to Congress, potentially creating the inadvertent impression that the FISA Court is a “rubber stamp,” NSD supervisors told us that the Department includes only business records applications formally submitted to the FISA Court and denied or withdrawn, not those filed in “read copy” and subsequently withdrawn. 41 The NSD supervisors acknowledged that excluding applications withdrawn after the FISA Court indicates that it will not sign an order might lead to misunderstandings about the FISA Court’s willingness to question applications, but the supervisors noted that NSD and the FISA Court have talked about the “read” process publicly to address concerns about this. 42 In comments provided to the OIG after reviewing a draft of this report, NSD stated that it is currently considering whether to revise the methodology for counting withdrawn applications.

My guess is they want to avoid any records of withdrawn applications for those times when they do use a grand jury subpoena to obtain stuff that FISC made known it wouldn’t approve. That detail might have to be disclosed to defendants, after all. Here, there’s less paperwork.

It all seems to support a theory that the FBI continues to arbitrage surveillance authorities (as they, by their own admission, do with location tracking). With location tracking, there’s nothing patently illegal about that. But with First Amendment protections, that sure seems dubious.

Until at Least 2014, NSA Was Having Troubles Preventing Back Door Searches of Upstream Searches

/5 Comments/in /by

Since NSA’s practice of conducting back door searches — searches of already collected data based off the targeting of foreigners — became widely known, the spooks have offered a few assurances about why we don’t have to worry about these back door searches. For example, the US person identifiers have to be pre-approved and the NSA won’t conduct back door searches of upstream data, which sometimes includes entirely domestic communications.

According to the Semiannual Reports on Section 702 released some weeks ago, those assurances are fairly hollow, or at least were during the 2013 to 2014 timeframe.

The March 2014 report, which covers the period from December 1, 2012 through May 31, 2013, revealed that the semiannual review process could not directly monitor back door searches on US person identifiers because that information is not kept in a centralized place.

It should be noted both that NSA’s efforts to review queries are not limited to Section 702 authorities and that, at this time, content queries are not specifically identified as containing United States person identifiers. As such, and as the Government previously represented to Congress, NSD and ODNI cannot at this time directly monitor content queries using United States person identifiers because these records are not kept in a centrally located repository. While the changes described above in NSA’s super audit process have not changed this status, NSA is exploring whether future queries using United States person identifiers could be identified and centralized. In the meantime, and in accordance with NSA’s minimization procedures, NSD and ODNI review NSA’s approval of any United States person identifiers used to query unminimized Section 702- acquired communications.

This appears to indicate that internal overseers could not audit the actual queries completed, but instead only reviewed the identifiers used to query data to make sure they were approved. Which, in turn, means the NSA’s targeting of foreigners and dissemination of reports on them got monitored more closely than NSA’s spying on Americans.

The following report — completed in October 2014 and covering the period June 1, 2013 through November 30, 2013 — reports a predictable consequence of the inability to monitor the actual queries conducted as back door searches: prohibited back door searches on upstream data.

(TS//SI//NF) The joint oversight team, however, is concerned about the increase in incidents involving improper queries using United States person identifiers, including incidents involving NSA’s querying of Section 702-acquired data in upstream data using United States Person identifiers. Specifically, although section 3(b)(5) of NSA’s Section 702 minimization procedures permits the scanning of media using United States person identifiers, this same section prohibits using United States person identifiers to query Internet communications acquired through NSA’s upstream collection techniques. NSA [redacted] incidents of non-compliance with this subsection of its minimization procedures, many of which involved analysts inadvertently searching upstream collection. For example, [redacted], the NSA analyst conducted approved querying with United States persons identifiers ([redacted]), but inadvertently forgot to exclude Section 702-acquired upstream data from his query.

While the actual number is redacted, the number is high enough to refer to to “many” improper searches of upstream content.

That explicit violation of the rules set by Bates in 2011 was part of a larger trend of back door search violations, including analysts not obtaining approval to query Americans’ identifiers.

(TS//SI//NF) In addition, section 3(b)(5) of NSA’s Section 702 minimization procedures requires that queries using United States person identifiers must be first be approved in accordance with NSA internal procedures. In this reporting period, [redacted] NSA was in non-compliance with this requirement, either because a prior authorization was not obtained or the authorization to query had expired. For example, in NSA Incidents [redacted] NSA analysts performed queries using United States person identifiers that had not been approved as query terms. These queries occurred for a variety of reasons, including because analysts continued queries on terms that they suspected (but had not confirmed) were used by United States persons, forgot to exclude Section 702 data from queries [redacted], or did not realize that [redacted] constitute a United States person identifier even if the analyst was seeking information on a non-United States person.

Among other things, the third redaction in this passage appears to suggest that analysts conduct back door searches on data generally, presumably including both EO 12333 and 702 obtained data, but have to affirmatively exclude Section 702 data to stay within the rules laid out in the minimization procedures.

Consider the timing of this: the reporting of “many” back door search and other US person query violations occurred in the first post-Snowden period. While the fact NSA did back door searches was knowable from the 2012 SSCI report on Section 702 renewal, it did not become general knowledge among members of Congress and the general public until Snowden leaked more explicit confirmation of it. And all of a sudden, as soon as people started complaining about back door searches and Congress considered regulating it, NSA’s overseers discovered that NSA wasn’t following an explicit prohibition on searching upstream data. One of several risks of back door searching upstream data is it may amount to searching data collected domestically, or even entirely domestic communications.

And while the details get even more redacted, it appears the problem did not go away in the following period, the December 1, 2013 through May 31, 2014 reviews reported in a June 2015 report. After a very long redaction on targeting, the report recommends NSA require analysts to state whether they believe they’re querying on a US person.

Additionally, but separately, the joint oversight team believes NSA should assess modifications to systems used to query raw Section 702-acquired data to require analysts to identify when they believe they are using a United States person identifier as a query term. Such an improvement, even if it cannot be adopted universally in all NSA systems, could help prevent instances of otherwise approved United States person query terms being used to query upstream Internet transactions, which is prohibited by the NSA minimization procedures.64

The footnote that modifies that discussion is entirely redacted.

The June 2015 report was the most recent one released, so it is unclear whether simply requiring analysts to confirm that they are querying Americans solved the improper back door searches of upstream data. But at least as of the most recently released report, the two most troubling aspects of Section 702 surveillance — the upstream searching on Internet streams and back door unwarranted searches on US person identifiers — were contributing to “many” violations of NSA’s rules.

Rosemary Collyer’s Worst FISA Decision

/4 Comments/in /by

In addition to adding former National Security Division head David Kris as an amicus (I’ll have more to say on this) the FISA Court announced this week that Rosemary Collyer will become presiding judge — to serve for four years — on May 19.

Collyer was the obvious choice, being the next-in-line judge from DC. But I fear she will be a crummy presiding judge, making the FISC worse than it already is.

Collyer has a history of rulings, sometimes legally dubious, backing secrecy and executive power, some of which include,

2011: Protecting redactions in the Torture OPR Report

2014: Ruling the mosaic theory did not yet make the phone dragnet illegal (in this case she chose to release her opinion)

2014: Erroneously freelance researching the Awlaki execution to justify throwing out his family’s wrongful death suit

2015: Serially helping the Administration hide drone details, even after remand from the DC Circuit

I actually think her mosaic theory opinion from 2014 is one of her (and FISC’s) less bad opinions of this ilk.

The FISC opinion I consider her most troubling, though, is not a FISC decision at all, but rather a ruling from last year in an EFF FOIA. Either Collyer let the government hide something that didn’t need hidden, or it has exploited EFF’s confusion to hide the fact that the Internet dragnet and the Upstream content programs are conducted by the same technical means, a fact that would likely greatly help EFF’s effort to show all Americans were unlawfully spied on in its Jewell suit.

Back in August 2013, EFF’s Nate Cardozo FOIAed information on the redacted opinion referred to in this footnote from John Bates’ October 3, 2011 opinion ruling that some of NSA’s upstream collected was illegal.

Screen Shot 2015-10-31 at 6.52.30 PM

Here’s how Cardozo described his FOIA request (these documents are all attached as appendices to this declaration).

Accordingly, EFF hereby requests the following records:

1. The “separate order” or orders, as described in footnote 15 of the October 3 Opinion quoted above, in which the Foreign Intelligence Surveillance Court “address[ed] Section 1809(a) and related issues”; and,

2. The case, order, or opinion whose citation was redacted in footnote 15 of the October 3 Opinion and described as “concluding that Section 1809(a)(2) precluded the Court from approving the government’s proposed use of, among other things, certain data acquired by NSA without statutory authority through its ‘upstream collection.’”

Request 2 was the only thing at issue in Collyer’s ruling. By my read, it would ask for the entire opinion the citation to which was redacted, or at least identification of the case.

EFF, of course, is particularly interested in upstream collection because it’s at the core of their many years long lawsuit in Jewell. To get an opinion that ruled upstream collection constituted unlawful collection sure would help in EFF’s lawsuit.

In her opinion, Collyer made a point of defining “upstream” surveillance by linking to the 2012 John Bates opinion resolving the 2011 upstream issues (as well as to Wikipedia!), rather than to the footnote he used to describe it in his October 3, 2011 opinion.

The opinion in question, referred to here as the Section 1809 Opinion, held that 50 U.S.C. § 1809(a)(2) precluded the FISC from approving the Government’s proposed use of certain data acquired by the National Security Agency (NSA) without statutory authority through “Upstream” collection. 3

3 “Upstream” collection refers to the acquisition of Internet communications as they transit the “internet backbone,” i.e., principal data routes via internet cables and switches of U.S. internet service providers. See [Caption Redacted], 2012 WL 9189263, *1 (FISC Aug. 24, 2012); see also https://en.wikipedia.org/wiki/Upstream_collection (last visited Oct. 19, 2015); https://en.wikipedia.org/wiki/Internet_backbone (last visited Oct. 19, 2015).

As it was, Collyer paraphrased where upstream surveillance comes from as ISPs rather than telecoms, which was redacted in the opinion she cited. But by citing that and not Bates’ 2011 opinion, she excluded an entirely redacted sentence from the footnote Bates used to explain it, which in context may have described a little more about the underlying opinion.

Screen Shot 2016-04-28 at 11.38.32 AM

Having thus laid out the case, Collyer deferred to NSA declarant David Sherman’s judgment — without conducting a review of the document — that releasing the document would reveal details about the implementation of upstream surveillance.

Specifically, the release of the redacted information would disclose sensitive operational details associated with NSA’s “Upstream” collection capability. While certain information regarding NSA’s “Upstream” collection capability has been declassified and publicly disclosed, certain other information regarding the capability remains currently and properly classified. The redacted information would reveal specific details regarding the application and implementation of the “Upstream” collection capability that have not been publicly disclosed. Revealing the specific means and methodology by which certain types of SIGINT collections are accomplished could allow adversaries to develop countermeasures to frustrate NSA’s collection of information crucial to national security. Disclosure of this information could reasonably be expected to cause exceptionally grave damage to the national security.

[snip]

With respect to the FISC opinion withheld in full, it is my judgment that any information in the [Section 1809 Opinion] is classified in the context of this case because it can reasonably be expected to reveal classified national security information concerning particular intelligence methods, given the nature of the document and the information that has already been released. . . . In these circumstances, the disclosure of even seemingly mundane portions of this FISC opinion would reveal particular instances in which the “Upstream” collection program was used and could reasonably be expected to encourage sophisticated adversaries to adopt countermeasures that may deprive the United States of critical intelligence. [my emphasis]

Collyer found NSA had properly withheld the document as classified information the release of which would cause “grave damage to national security.”

Read more

The NSA Has Never Not Been Violating FISA Since It Moved Stellar Wind to FISA in 2004

/5 Comments/in /by

Back in 2013, I noted that FISA Judge John Bates had written two opinions finding NSA had violated 50 U.S.C. §1809(a)(2), which prohibits the “disclos[ure] or use[ of] information obtained under color of law by electronic surveillance, knowing or having reason to know that the information was obtained through electronic surveillance not authorized by” FISA. Each time he did it, Bates sort of waggled around the specter of law-breaking as a way of forcing NSA to destroy data they otherwise wanted to retain and use. I suspect that is why NSA moved so quickly to shut down its PRTT program in 2011 in the wake of his upstream opinion.

In his November 6, 2015 opinion reauthorizing Section 702, presiding judge Thomas Hogan described two more definite violations of 50 U.S.C. §1809(a)(2), and one potential one, bringing the list of times the FISC caught NSA illegally surveilling Americans to four, and potentially five, times.

  1. Fall 2009 confession/July 2010 opinion: Collection of categories of data under the bulk PRTT program not permitted by the FISC (Bates’ opinion describes a category violation reported to FISC in the very first PRTT docket, along with NSA’s assurances it would never happen again)
  2. June 2010 confession/December 10 2010, May 13, 2011 opinions: Retention of overcollected data from a traditional FISA warrant in mission management systems ultimately not deemed necessary for collection avoidance
  3. May 2011 confession/October 3, 2011 opinion: Collection of entirely domestic communications on upstream surveillance MCTs
  4. July 13, 2015 confession/November 6, 2015 opinion: Retention of 702 communications that had been otherwise purged in mission management systems, even though FISC had ruled against such retention in 2011
  5. [Potential] July 13, 2015 confession/November 6, 2015 opinion: Retention of data that should have been purged or aged off in compliance databases

Hogan describes these incidents starting on 56.

Between June and August of 2010, the government filed some notices of violation in conjunction with a single electronic surveillance order (on page 58, he describes that as dealing “exclusively with Title I collection in a particular case.”) It’s unclear whether the scope of the surveillance extended beyond what had been authorized, or whether the government had conducted surveillance based on illegally collected data (Hogan refers to it both as overcollection but also as poison fruit). As part of its efforts to resolve the problem, the government argued it could keep some of this poisonous fruit in some kind of oversight database to prevent further collection. But it also argued that its minimization procedures “only applied to interceptions authorized by the Court and did not apply to the fruits of unlawful surveillance,” effectively arguing that if it broke the law the FISC could then not tell it what to do because it had broken the law. The government also argued 50 U.S.C. §1809(a)(2) “only prohibits use or disclosure of unlawfully obtained information for investigative or analytic purposes,” meaning it could keep illegal data for management purposes.

FISC didn’t buy this argument generally, but in a December 10, 2010 opinion did permit NSA to retain “the results of unauthorized surveillance [that] are needed to remedy past unauthorized surveillance or prevent similar unauthorized surveillance in the future.” In that opinion, FISC cited John Bates’ July 2010 PRTT opinion discussing the application of 50 U.S.C. §1809(a)(2).

After further review, on May 13, 2011, the court ruled that the specific data in question did not fall within that exception.

[C]ourts should not attempt “to restrict the unqualified language of a [criminal] statute to the particular evil that Congress was trying to remedy — even assuming that it is possible to identify that evil from something other than the text of the statute itself.” Brogan v United States, 522 U.S. 398, 403 (1998) … The exception recognized in the December 10, 2010 Opinion stands on narrower but firmer ground: that in limited circumstances, prohibiting use of disclosure of the results of unauthorized electronic surveillance would be “so ‘absurd or glaringly unjust’ … as to [call into] question whether Congress actual intended what the plain language of Section 1809(a)(2) “so clearly imports.”

That decision only related to one traditional FISA order — but it did lay out the principle that NSA couldn’t keep illegally collected data for vague management reasons.

Which is why Hogan was so surprised to learn NSA was doing the same thing — and had been! — with Section 702 data that had otherwise been purged, which the NSA confessed to Hogan in July of last year. That is, having stopped the practice with a single traditional FISA order, they kept doing it with programmatic 702 data.

In light of the May 2011 [redacted], the Court was very surprised to learn from the July 13, 2015 Notice that the NSA had not been deleting from [redacted] Section 702 records placed on the NSA’s Master Purge List (“MPL”).

[snip]

As the Court explained to the government at the October 8 Hearing, it expects the government to comply with its heightened duty of candor in ex parte proceedings at all times. Candor is fundamental to this Court’s effective operation in considering ex parte submissions from the government, particularly in matters involving large and complex operations such as the implementation of Section 702.

After the hearing, the government submitted several filings effectively saying it was purging the data, then admitting that the technical process it had implemented to effect the purge was only purging some of the selectors that had been illegally collected.

In any case, after 4 years of retaining 702 data that had to be purged, they were finally moving towards deleting it last year.

The second violation pertains to two tools (both names of which are redacted) that help determine whether a selector can be or has been properly tasked (on page 76, Hogan suggests “most Section 702 information [in these databases] that is otherwise subject to purge pertains to roamer communications.”

The first appears to be a pre-tasking tool to see whether it properly tasked. This tool has not aged off PRISM data within the required 5 years, nor upstream data within the required 2 years, though it has aged off pre-October 31, 2011 upstream data. NSA has not done so “because of the utility of these records for compliance and collection avoidance purposes.”  It also helps to respond to OSD and ODNI oversight questions.

The second is a post-tasking tool to identify whether a Section 702 target may be in the US. It doesn’t age off PRISM data within the required 5 years, though it does treat upstream data properly. In addition, it doesn’t purge items that have been added to the Master Purge List. Rather than purging, it just masks certain fields from most users.

In general, Hogan seemed to believe most of this data did fall within the narrow exception laid out in the December 2010 opinion permitting the retention of unauthorized data for the purposes of collection avoidance, though he asked for further briefing that would have taken place in January.

He did point to the inclusion in these two tools of other selectors that had been put on the purge list, however, which would raise additional questions:

Examples would be incidentally acquired communications of or concerning United States persons that are clearly not relevant to the authorized purpose of the acquisition or that do not contain evidence of a crime which may be disseminated under the minimization procedures … attorney-client communications that do not contain foreign intelligence information or evidence of a crime … and any instances in which the NSA discovers that a United Staes person or person not reasonably believed to be outside the United States at the time of targeting has been intentionally targeted under Section 702.

That is, Hogan raised the possibility that these tools included precisely the kind of information that should be deliberately avoided.

Ah well. He still reauthorized Section 702.

Consider what this means: between the five years between when, in fall 2004, NSA told Colleen Kollar-Kotelly it was violating her category restrictions on the bulk Internet dragnet until the time, in 2009, it admitted it continued to do so with every single record collected, between the non-disclosure of what NSA was really doing with upstream surveillance between 2008 and 2011, and between the time FISC told NSA it couldn’t keep illegally collected data for management reasons in May 2011 to the time in July 2015 it confessed it had continued to do that with 702 data, NSA has always been in violation of 50 U.S.C. §1809(a)(2) since it moved Stellar Wind to FISA.

And that’s just the stuff they have admitted to.

The Obama Administration Almost Doubled Down on Yoo’s Illegality

/4 Comments/in , /by

Over at JustSecurity the other day, ACLU’s Patrick Toomey argued that the Administration’s current interpretation of FISA — especially its embrace of upstream surveillance — means the Obama Administration has gone beyond John Yoo’s thinking on surveillance as exhibited in his May 17, 2002 letter to FISC judge Colleen Kollar-Kotelly.

Perhaps most remarkably, however, the Obama Justice Department has pressed legal theories even more expansive and extreme than Yoo himself was willing to embrace. Yoo rounded out his Stellar Wind memo with an effort to reassure Judge Kollar-Kotelly that the government’s legal interpretation had limits, saying: “Just to be clear in conclusion. We are not claiming that the government has an unrestricted right to examine the contents of all international letters and other forms of communication.” But that is essentially the power the NSA claims today when it conducts Upstream surveillance of Americans’ Internet communications. The NSA has installed surveillance equipment at numerous chokepoints on the Internet backbone, and it is using that equipment to search the contents of communications entering or leaving the country in bulk. As the ACLU recently explained in Wikimedia v. NSA, this surveillance is the digital analogue of having a government agent open every letter that comes through a mail processing center to read its contents before determining which letters to keep. In other words, today the Obama administration is defending surveillance that was a bridge too far for even John Yoo.

I’m not sure I’m convinced. After all, the Administration claims it is not examining the contents of all international letters, but rather only looking at those where selected identifiers show up in data packets. Yeah, I know it’s a bullshit argument, but they pretend that’s not searching the contents, really. Moreover we have substantial reason to believe they were doing (some) of this anyway.

But there is a curious relationship between a claim Yoo made in his letter and the Obama Administration’s views on FISA.

In the letter, Yoo writes,

FISA purports to be the exclusive means for conducting electronic surveillance for foreign intelligence, … FISA establishes criminal and civil sanctions for anyone who engages in electronic surveillance, under color of law, except as authorized by statute, warrant, or court order. 50 U.S.C. § 1809-10. It might be thought, therefore, that a warrantless surveillance program, even if undertaken to protect the national security, would violate FISA’s criminal and civil liability provisions.

Such a reading of FISA would be an unconstitutional infringement on the President’s Article II authorities. FISA can regulate foreign intelligence surveillance only to the extent permitted by the Constitution’s enumeration of congressional authority and the separation of powers.

[snip]

[A]s we explained to Congress during the passage of the Patriot Act, the ultimate test of whether the government may engage in foreign surveillance is whether the government’s conduct is consistent with the Fourth Amendment, not whether it meets FISA.

This is especially the case where, as here, the executive branch possess [sic] the inherent constitutional power to conduct warrantless searches for national security purposes.

Effectively, Yoo is saying that even if they blow off FISA, they will be immune from the penalties under 50 USC §1809-10 so long as what they were doing fulfilled the Fourth Amendment, including an expansive reading of special needs that Yoo lays out in his memo. (Note, this was explained in the DOJ Stellar Wind IG Report — starting at PDF 47 — but this letter makes it more clear.)

As a reminder, on two occasions, John Bates disagreed with that interpretation, first in 2010 when he ruled NSA couldn’t continue to access the five years of data it overcollected under the PRTT Internet dragnet, and then again in 2011 when he said the government couldn’t disseminate the illegally collected upstream data (and Vaughn Walker disagreed in a series of rulings in the Al Haramain case in 2010, though the 9th Circuit partially overturned that in 2012). We know, thanks to Snowden, that the government considered appealing the order. And in his summary of the resolution of this issue, Bates made it clear that the government’s first response was to say that limits on illegally collected data don’t apply.

However, issues remained with respect to the past upstream collection residing in NSA’s databases. Because NSA’s upstream collection almost certainly included at least some acquisitions constituting “electronic surveillance” within the meaning of 50 U.S.C. § 1801 (f), any overcollection resulting from the government’s misrepresentation of the scope of that collection implicates 50 U.S.C. § 1809(a)(2). Section 1809(a)(2) makes it a crime to “disclose[] or use[] information obtained under color of law by electronic surveillance, knowing or having reason to know that the information was obtained through electronic surveillance not authorized” by statute. The Court therefore directed the government to make a written submission addressing the applicability of Section 1809(a), which the government did on November 22, 2011. See [redacted — probably a reference to Bates’ July 2010 opinion], Oct. 13, 2011 Briefing Order, and Government’s Response to the Court’s Briefing Order of Oct. 13, 2011 (arguing that Section 1809(a)(2) does not apply).

Ultimately, though, the government not only (said it) destroyed the illegal upstream data, but claims to have destroyed all its PRTT data in a big rush (so big a rush it didn’t have time to let NSA’s IG certify the intake collection of data).

And it replaced that PRTT program by searching data under SPCMA it claimed to have collected legally … somewhere.

I don’t pretend to understand precisely went on in those few weeks in 2011, though it’s clear that Obama’s Administration at least considered standing by the spirit of Yoo’s claim, even though the opinion itself had been withdrawn.

But I do know that at least through 2009, the government treated all its PRTT and Section 215 data as EO 12333 data, and in fact the providers appear not to have distinguished it either (more on this in upcoming days, hopefully). That is, it was collecting data with FISC sanction that it treated as data it collected outside of FISC sanction (that is, under EO 12333), and it was ignoring the rules FISC imposed.

Which leads me to wonder whether the government still doesn’t believe it remains immune from penalties laid out in FISA.

The Intelligence Community Continues to Pretend Ignorance of Its Deliberate 702 Spying

/2 Comments/in /by

As I noted in an update to this post, over the last several months, the Brennan Center has led an effort among privacy organizations to get the Intelligence Community to provide the transparency over its Section 702 surveillance that it dodged under the USA Freedom Act. On October 29, 2015, it send James Clapper a letter asking for:

  • A public estimate of the number of communications or transactions involving American citizens and residents subject to Section 702 surveillance on a yearly basis.
  • The number of times each year that the FBI uses a U.S. person identifier to query databases that include Section 702 data, and the number of times the queries return such data.
  • Policies governing agencies’ notification of individuals that they intend to use information “derived from” Section 702 surveillance in judicial or administrative proceedings.

On December 23, Privacy Officer Alex Joel responded on behalf of Clapper, largely dodging the requests but offering to have a meeting at which he could further dodge the request. Then yesterday, Brennan replied, calling out some of those dodges and posing new questions in advance of any meeting.

While the reply asks some worthwhile new questions, I wanted to look at some underlying background to the response Joel and ODNI gave.

The number of communications or transactions involving American citizens and residents subject to Section 702 surveillance on a yearly basis

In response to Brennan’s request for the number of US persons sucked up in 702, Joel points back to the PCLOB 702 report (which was far more cautious than the earlier 215 report) and its report on the status of recommendations from January 2015 and basically says, “we’re still working on that.” Brennan deemed the response non-responsive and noted that the IC is still working on 4 of PCLOB’s 5 recommendations 18 months after they issued it.

I would add one important caveat to that: PCLOB’s fifth recommendation was that the government provide,

the number of instances in which the NSA disseminates non-public information about U.S. persons, specifically distinguishing disseminations that includes names, titles, or other identifiers potentially associated with individuals.

We’ve just learned — through curiously timed ODNI declassification — that the numbers FBI gives to Congress on 702 dissemination are dodgy, or at least were dodgy in 2012, in part because they had been interpreting what constituted US person information very narrowly. For whatever reason, PCLOB didn’t include FBI in this recommendation, but they should be included, especially given the issues of notice to defendants dealt with below.

More importantly, there’s something to remember, as the IC dawdles in its response to this recommendation. In 2010, John Bates issued a ruling stating that knowingly collecting US person content constituted an illegal wiretap under 50 USC 1809(a). Importantly, he said that if the government didn’t know it was conducting electronic surveillance, that was okay, but it shouldn’t go out of its way to remain ignorant that it was doing so.

When it is not known, and there is no reason to know, that a piece of information was acquired through electronic surveillance that was not authorized by the Court’s prior orders, the information is not subject to the criminal prohibition in Section 1809(a)(2). Of course, government officials may not avoid the strictures of Section 1809(a)(2) by cultivating a state of deliberate ignorance when reasonable inquiry would likely establish that information was indeed obtained through unauthorized electronic surveillance.

The following year, Bates held that when it collected entirely domestic communications via upstream Section 702 collection, that collection was intentional (and therefore electronic surveillance), not incidental, though Clapper’s lawyer Bob Litt likes to obfuscate on this point. The important takeaway, though, is that the IC can illegally collect US person data so long as it avoids getting affirmative knowledge it is doing so, but it can’t be too obvious in its efforts to remain deliberately ignorant.

I’d say 18 months begins to look like willful ignorance.

The number of times each year that the FBI uses a U.S. person identifier to query databases that include Section 702 data, and the number of times the queries return such data

Brennan asked for solid numbers on back door searches, and Joel pointed to PCLOB’s recommendations that pertain to updated minimization procedures, a totally different topic.

And even there Joel was disingenuous in a way that the Brennan letter did not note.

Joel asserts that “with the recent reauthorization of the 702 Certification … this recommendation 2 [has] been implemented.” The recommendation included both additional clarity in FBI’s minimization procedures as well as further limits on what non-national security crimes FBI can use 702 data for.

Back in February 2015, Bob Litt revealed the latter information, what FBI could use 702 data for:

crimes involving death, kidnapping, substantial bodily harm, conduct that is a specified offense against a minor as defined in a particular statute, incapacitation or destruction of critical infrastructure, cyber security, transnational crimes, or human trafficking.

But after Litt made that disclosure, and either after or during the process of negotiating new 702 certificates, the ODNI released updated minimization procedures. But they where the MPs for 2014, not 2015! (See this post for a discussion of new disclosures in those documents.) Joel’s answer makes clear that FBI’s minimization procedures were updated significantly in the 2015 application beyond what they had been in 2014 (because that’s the only way they could have not fulfilled that recommendation last January but have since done so).

In other words, Joel answers Brennan’s question by boasting about fulfilling PCLOB’s recommendations, but not Brennan’s answer. But even there, if ODNI had just released the current FBI MPs, rather than year-old ones, part of Brennan’s questions would be answered — that is, what the current practice is.

I think the recent new disclosures about the limits on FBI’s very limited disclosure reporting (at least until 2012) provide some additional explanation for why FBI doesn’t count its back door searches. We know:

  • At least until 2012, it appears FBI did not consider reports based off the content of a message (“about”) not including the US person mentioned, certain kinds of identifiers (probably including phone numbers and Internet identifiers), or metadata to be sharing non-public US person information.
  • At least until the most recent certification, FBI was permitted to use metadata to analyze communications and transfer “all such metadata to other FBI electronic and data storage systems for authorized and foreign intelligence purposes” (page 11) without marking it as disseminated Section 702 data (footnote 2). This likely increases the chance that FBI does not treat metadata derived from Section 702 — and analysis integrating it and other data — to be 702 derived (especially given its apparent belief that such metadata does not equate to person identifying information).
  • FBI’s databases surely include redundant information for people whose communications are collected — either as target or incidentally — under both Section 702 and traditional FISA (and possibly even under Title III warrants). If, as Charlie Savage reported last year, FBI is now acquiring raw EO 12333 data, it may be in the same databases as well. This is undoubtedly even more true with respect to metadata. Given known practice on the NSA side, FBI likely uses the multiple designations to avoid disclosure rules.

In other words, there is a great deal of room to launder where data comes from, particularly if it has been used for metadata link analysis as an interim step. To try to count the specifically Section 702 queries, even just of content, though all the more so of metadata, would require revealing these overlaps, which FBI surely doesn’t want to do.

Policies governing agencies’ notification of individuals that they intend to use information “derived from” Section 702 surveillance in judicial or administrative proceedings

All that’s also background to Brennan’s request for information about notice to defendants. Joel pretty much repeated DOJ’s unhelpful line, though he did direct Brennan to this OLC memo on notice to those who lose clearance. Not only does that memo reserve the right to deem something otherwise subject to FISA’s notice requirements privileged, it also cites from a 1978 House report excluding those mentioned in, but not a party to, electronic surveillance from notice.

[A]s explained in a FISA House Report, “[t]he term specifically does not include persons, not parties to a communication, who may be mentioned or talked about by others.”

That, of course, coincides with one of the categories of people that it appears FBI was not counting in FISA dissemination reports until at least 2012 (and, of course, metadata does not count as electronic surveillance).

All of which is to say this appears to hint at the scope of how FBI has collected and identified people using 702 derived data that nevertheless don’t get 702 notice.

None of that excuses ODNI for refusing to respond to these obvious questions. But it does seem to indicate that the heart of FBI’s silence about its own 702 practices has a lot to do with its ability to arbitrage the multiple authorities it uses to spy.

The Three Kinds of Dragnet Searches NSA Did When Only Doing Contact Chaining

/5 Comments/in , /by

This is going to be a weedy post in which I look at a key detail revealed by 2010 NSA Inspector General reviews of the Section 215 phone dragnet. The document was liberated by Charlie Savage last year.

At issue is the government’s description, in the period after the Snowden leaks, of what kind of searches it did on the Section 215 phone dragnet. The searches the government did on Section 215 dragnet data are critical to understanding a number of things: the reasons the parallel Internet dragnet probably got shut down in 2011, the squeals from people like Marco Rubio about things the government lost in shutting down the dragnet, and the likely scope of collection under USA Freedom Act.

Throughout the discussion of the phone dragnet, the administration claimed it was used for “contact chaining” — that is, exclusively to show who was within 3 (and starting in 2014, 2) degrees of separation, by phone calls [or texts, see update] made, from a suspected terrorist associate.

Here’s how the administration’s white paper on the program described it in 2013.

This telephony metadata is important to the Government because, by analyzing it, the Government can determine whether known or suspected terrorist operatives have been in contact with other persons who may be engaged in terrorist activities, including persons and activities within the United States. The program is carefully limited to this purpose: it is not lawful for anyone to query the bulk telephony metadata for any purpose other than counterterrorism, and Court-imposed rules strictly limit all such queries.

Though some claims to Congress and the press were even more definitive that this was just about contact chaining.

The documents on the 2009 violations released under FOIA made it clear that, historically at least, querying wasn’t limited to contact chaining. Almost every reference in these documents to the scope of the program includes a redaction after “contact chaining” in the description of the allowable queries. Here’s one of many from the government’s first response to Reggie Walton’s questions about the program.

Screen Shot 2016-01-05 at 10.48.44 AM

The redaction is probably something like “pattern analysis.”

Because the NSA was basically treating all Section 215 data according to the rules governing EO 12333 in 2009 (indeed, at the beginning of this period, analysts couldn’t distinguish the source of the two authorizations), it subjected the data to a number of processes that did not fit under the authorization in the FISC orders — things like counts of all contacts and automatic chaining on identifiers believed to be the same user as one deemed to have met the Reasonable Articulable Standard. The End to End report finished in summer 2009 described one after another of these processes being shut down (though making it clear it wanted to resume them once it obtained FISC authorization). But even in these discussions, that redaction after “contact chaining” remained.

Screen Shot 2016-01-05 at 11.00.33 AM

Even in spite of this persistent redaction, the public claims this was about contact chaining gave the impression that the pattern analysis not specifically authorized by the dragnet orders also got shut down.

The IG Reports that Savage liberated gives a better sense of precisely what the NSA was doing after it cleared up all its violations in 2009.

The Reports were ordered up by the FISC and covered an entire year of production (there was a counterpart of the Internet dragnet side, which was largely useless since so much of that dragnet got shut down around October 30, 2009 and remained shut down during this review period).

The show several things:

  • NSA continued to disseminate dragnet results informally, even after Reggie Walton had objected to such untrackable dissemination
  • Data integrity techs could — and did on one occasion, which was the most significant violation in the period — access data directly and in doing so bypass minimization procedures imposed on analysts (this would be particularly useful in bypassing subject matter restrictions)
  • Already by 2010, NSA did at least three different kinds of queries on the database data: in addition to contact chaining, “ident lookups,” and another query still considered Top Secret

It’s the last item of interest here.

The first thing to understand about the phone dragnet data is it could be queried two places: the analyst front-end (the name of which is always redacted), and a “Transaction Database” that got replaced with something else in 2011. (336)

Screen Shot 2015-08-29 at 7.08.12 PM

Basically, when the NSA did intake on data received from the telecoms, it would create a table of each and every record (which is I guess where the “transaction” name came from), while also making sure the telecoms didn’t send illegal data like credit card information.

Doing queries in the Transaction Database bypassed search restrictions. The March 2010 audit discovered a tech had done a query in the Transaction Database using a selector the RAS approval (meaning NSA had determined there was reasonable articulable suspicion that the selector had some tie to designated terrorist groups and/or Iran) of which had expired. The response to that violation, which NSA didn’t agree was a violation, was to move that tech function into a different department at NSA, away from the analyst function, which would do nothing to limit such restriction free queries, but would put a wall between analysts and techs, making it harder for analysts to ask techs to perform queries they would be unable to do.

Because the direct queries done for data integrity purposes were not subject to auditing under the phone dragnet orders, the monthly reports distinguished between those and analyst queries, the latter of which were audited to be sure they were RAS approved. But as the April 2010 report and subsequent audits showed, analysts also would do an “ident lookup.” (83)

Screen Shot 2015-08-29 at 2.16.18 PM

The report provided this classified/Five Eyes description of “ident lookups.”

Screen Shot 2015-08-29 at 2.19.12 PM

The Emphatic Access Restriction was a tool implemented in 2009 to ensure that analysts only did queries on RAS-approved selectors. What this detail reveals is that, rather than consulting a running list somewhere to see whether a selector was RAS approved, analysts would instead try to query, and if the query failed, that’s how they would learn the selector was not RAS approved.

We can’t be sure, but that suggests RAS approval went beyond simple one-to-one matching of identifiers. It’s possible an ident lookup needed to query the database to see if the data showed a given selector (say, a SIM card) matched another selector (say, a phone number) which had been RAS approved. It might go even further, given that NSA had automatically done searches on “correlated” numbers (that is, on a second phone number deemed to belong to the same person as the approved primary number that had been RAS approved). At least, that’s something NSA had done until 2009 and said it wanted to resume.

In other words, the fact that an ident lookup query queried the data and not just a list of approved selectors suggests it did more than just cross-check the RAS approval list: at some level it must tested the multiple selectors associated with one user to see if the underlying selectors were, by dint of the user himself being approved, themselves approved.

Indent lookups appear fairly often in these IG reports. Less frequent is an entirely redacted kind of query such as described but redacted in the September 2010 report. (166)

Screen Shot 2015-08-29 at 3.41.18 PM

The footnote description of that query is classified Top Secret NOFORN and entirely redacted.

Screen Shot 2015-08-29 at 3.49.14 PM

I have no idea what that query would be, but it’s clear it is done on the analyst facing interface, and only on RAS approved selectors.

The timing of this third query is interesting. Such queries appear in the September and October 2010 audits. That was a period when, in the wake of the July 2010 John Bates approval to resume the Internet dragnet, they were aligning the two programs again (or perhaps even more closely than they had been in 2009). It also appears after a new selector tracking tool got introduced in June 2010. That said, I’m unaware of anything in the phone dragnet orders that would have expanded the kinds of queries permitted on the phone dragnet data.

We know they had used the phone dragnet until 2009 to track burner phones (that is, matching calling patterns of selectors unknown to have a connection to determine which was a user’s new phone). We know that in November 2012, FISC approved an automated query process, though NSA never managed to implement it technically before Obama decided to shut down the dragnet. We also know that in 2014 they started admitting they were also doing “connection” chaining (which may be burner phone matching or may be matching of selectors). All are changes that might relate to more extensive non-chain querying.

We also don’t know whether this kind of query persisted from 2010 until last year, when the dragnet got shut down. I think it possible that the reasons they shut down the Internet dragnet in 2011 may have implicated the phone dragnet.

The point, though, is that at least by 2010, NSA was doing non-chain queries of the entire dragnet dataset that it considered to be approved under the phone dragnet orders. That suggests by that point, NSA was using the bulk set as a set already (or, more accurately, again, after the 2009 violations) by September 2010.

Last March James Clapper explained the need to retain records for a period of time, he justified it by saying you needed the historical data to discern patterns.

Q: And just to be clear, with the private providers maintaining that data, do you feel you’ve lost an important tool?

Clapper: Not necessarily. It will depend though, for one, retention period. I think, given the attitude today of the providers, they will probably do all they can to minimize the retention period. Which of course, from our standpoint, lessens the utility of the data, because you do need some — and we can prove this statistically — you do need some historical data in order to, if you’re gonna discern a pattern. And again, 215 to me, is much like my fire insurance policy. You know, my house has never burned down but every year I buy fire insurance just in case.

This would be consistent with the efforts to use the bulk dataset to find burner identities, at a minimum. It would also be consistent with Marco Rubio et al’s squeals about needing the historical data. And it would be consistent with the invocation of the National Academy of Sciences report on bulk data (though not on the phone dragnet), which NSA’s General Counsel raised in a Lawfare post today.

In other words, contrary to public suggestions, it appears NSA was using the phone dragnet to conduct pattern analysis that required the bulk dataset. That’s not surprising, though it is something the NSA suggested they weren’t doing.

They surely are still doing that on the larger EO 12333 dataset, along with a lot more complex kinds of analysis. But it seems some, like Rubio, either think we need to return to such bulk pattern analysis, or has used the San Bernardino attack to call to resume more intrusive spying.

Update: One of the other things the IG Reports make clear is that NSA was (unsurprisingly) collecting records of non-simultaneous telephone transactions. That became an issue when, in 2011, NSA started to age-off 5 year old data, because they would have some communication chains that reflected communications that were more than 5 years old but which were obtained less than 5 years before.

Screen Shot 2015-08-29 at 6.18.57 PM

My guess is this reflects texting chains that continued across days or weeks.

How FISC Amicus Preston Burton Helped Michael Mosman Shore up FISC’s Authority

/3 Comments/in /by

On November 24, Judge Michael Mosman approved the government’s request to hold onto the Section 215 phone dragnet data for technical assurance purposes for three months, as well as to hold the data to comply with a preservation order in EFF’s challenge to the phone dragnet (though as with one earlier order in this series, Thomas Hogan signed the order for Mosman, who lives in Oregon). While the outcome of the decision is not a surprise, the process bears some attention, as it’s the first time a truly neutral amicus has been involved in the FISC process (though corporations, litigants, and civil rights groups have weighed in various decisions as amici).

In addition to Mosman’s opinion, the FISC released amicus Preston Burton’s memo and the government’s response on December 2; I suspect there may be a Burton reply they have not released.

Minimization procedures

As I noted in September when Mosman first appointed Burton, it wasn’t entirely clear what the FISC was asking him to review. In his order, Mosman explains that he “directed him to address whether the government’s above-described requests to retain and use BR metadata after November 28, 2015, are precluded by section 103 of the USA FREEDOM Act or any other provision of that Act.”

Burton took this to be largely a question about minimization procedures.

Instead, the Act provides that the Court shall decide issues concerning the use, retention, dissemination, and eventual destruction of the tangible things collected under the FISA business records statute as part of its oversight of the statutorily mandated minimization procedures.

He then pointed to a number of the FISC’s more assertive oversight moments over the NSA to argue that the FISC has fairly broad authorities to review minimization procedures.

Although the government is required to enumerate minimization procedures addressing the use, retention, dissemination, and (now) ultimate destruction of the metadata in its applications to the Court, the Court’s review of those procedures is not simply ministerial. And, indeed, Judge Walton’s 2009 orders, cited above, addressing deficiencies in the administration of the call detail record program made clear that the FISA Court may impose more robust minimization procedures. See also Kris, Bulk Collection at 15-17 (discussing FISA Court’s imposition of new restrictions to the telephony program). Likewise, the Court may decline to endorse procedures sought by the government See Opinion at 11-2, In re Application of the FBI for an Order Requiring the Production of Tangible Things, Docket No. BR 14-01 (March 7, 2014) (denying the government’s motion to modify the minimization procedures), amended, Opinion at S, Jn re Application of the FBI/or an Order Requiring the Production a/Tangible Things, Docket No. BR 14-01(March12, 2014). Similarly, Judge Bates found substantial deficiencies in the NSA’ s minimization procedures in Jn Re [Redacted}, 2011 WL l 0945618, at *9 (FISA Ct. Oct. 3, 2011) (Bates J.) (fmding NSA minimization procedures insufficient and inconsistent with the Fourth Amendment). As a result, the NSA amended its procedures, including reducing the data retention in issue in that case (under a differentFISA statute) from five to two years. See In Re [Redacted], 2011WL10947772, at •s (FISA Ct. Nov. 30, 2011) (Bates J.).

Particularly in the case of the two PRTT orders, the government has actually challenged FISC’s roles in imposing minimization procedures (though admittedly FISC’s role under that authority is less clear cut than under Section 215).

Burton argued that USA Freedom Act (which he abbreviated USFA) made that role even stronger.

But the USFA augmented this minimization review authority even more and dispels any suggestion that the Court may not modify the minimization procedures articulated in the government’s application. The statute’s fortification of Judicial Review provisions makes clear that Congress intended for the FISA Court to oversee these issues in the context of imposing minimization procedures that balance the government’s national security interests with privacy interests, including specifically providing for the prompt destruction of tangible things produced under the business records provisions.10 Significantly, USF A § 104 empowers the Court to assess and supplement the government’s proposed minimization procedures:

Nothing in this subsection shall limit the authority of the court established under section 103(a) to impose additional, particularized minimization procedures with regard to the production, retention, or dissemination of nonpublicly available information concerning unconsenting United States persons, including additional particularized procedures related to the destruction of information within a reasonable time period. USFA § 104 (a)(3) (now codified at 50 U.S.C. §1861(g)(3)(emphasis supplied).

That provision applies to all information the government obtains under the business records procedure, not just call detail records. u Moreover, that amendment, set forth in USFA § 104, went into effect immediately, unlike the 180-day transition period for the revisions to the business records sections. See USFA § 109 (amendments made by §§ 101-103 take effect 180 days after enactment).12

As I said, that’s the kind of argument the government has been arguing against for 11 years, most notably in the two big Internet dragnet reauthorizations (admittedly, FISC’s role in minimization procedures there is less clear, but there is similar language about not limiting the authority of the court).

Burton sneaks in some real privacy questions

Having laid out the (as he sees it) expansive authority to review minimization procedures, Burton then does something delightful.

He poses a lot of questions that should have been asked 9 years ago.

Because of the significant privacy concerns that motivated Congress to amend the bulk collection provisions of the statute, however, the undersigned respectfully submits that, the Court should consider requiring the government to answer more fully fundamental questions regarding:

  • The current conditions, location, and security for the data archive.
  • The persons and entities to whom the NSA has given access to information provided under this program and whether that shared information will also be destroyed under the NSA destruction plan (and, if not, why not?).
  • What oversight is in place to ensure that access to the database is not “analytical” and what the government means by “non-analytical.”
  • Why testing of the adequacy of new procedures was not completed by the NSA (and whether it was even initiated) during the 180-day transition period.
  • How the government intends to destroy such information after February 29, 2016, (its proposed extinction date for the database) independent of the resolution of any litigation holds.
  • Whether the contemplated destruction will include only data that the government has collected or will include all data that it has analyzed in some fashion.

Remember, by the time Burton wrote this, he had read at least the application for the final dragnet order, and the answers to these questions were not clear from that (which is where the government lays out its more detailed minimization procedures). Public releases have made me really concerned about some of them, such as how to protect non-analytical queries from being used for analytical purposes. NSA has had tech people do analytical queries in the past, and it doesn’t audit tech activities. Similarly, when the NSA destroyed the Internet dragnet data in 2011, NSA’s IG wasn’t entirely convinced it all got destroyed, because he couldn’t see the intake side of things. So these are real issues of concern.

Burton also asked questions about the necessity behind keeping data for the EFF challenges rather than just according the plaintiffs standing.

If this Court chooses to follow Judge Walton’s approach and defer to the preservation orders issued by the other courts, the Court nonetheless should address a number of questions before deciding whether to grant the government’s preservation request:

  • Why has the government been unable to reach some stipulation with the plaintiffs to preserve only the evidence necessary for plaintiffs to meet their standing burden? Consider whether it is appropriate for the government to retain billions of irrelevant call detail records involving millions of people based on, what undersigned understands from counsel involved in that litigation, the government’s stubborn procedural challenges to standing — a situation that the government has fostered by declining to identify the particular telecommunications provider in question and/or stipulate that the plaintiff is a customer of a relevant provided.
  • As Judge Walton identified when he first denied the modification of the minimization procedures to extend the duration of preservation, the continued retention of the data at issue subjects it to risk of misuse and improper dissemination. The government should have to satisfy the Court of the security of this information in plain and meaningful terms.

(Notice how he assumes the plaintiffs might have standing which, especially for First Unitarian Church plaintiff CAIR, they should.)

Finally, perhaps channeling the justified complaint of all the tech people who review these kinds of policy questions, Burton suggested the FISC really ought to be consulting with a tech person.

This case, due to the relatively limited period of time sought by the government to accomplish its stated narrow purpose, likely does not require a difficult assessment of the reasonableness of the government’s technical retention request. To evaluate even such a limited request, however, the Court may wish to consider availing itself of technical expertise from national security experts or computer technology experts. Technical expertise is an amicus category contemplated by Congress in its reform of the FISA statutes. 50 U.S.C. § 1803 (i)(2)(B), as amended by USF A Section 401. That section alone suggests congressional expectation of greater judicial oversight of the government’s surveillance program and requests. See USF A § 401; see also Kris, Bulk Collection at 3 7 (contemplating theoretical procedures for cross-examining NSA engineers as one example of the challenges in implementing a more adversarial system for the FISA Court).

Burton ended his memo reiterating his recommendation that FISC get more information.

In light of the significant privacy interests affected by the creation and retention of the database, the undersigned urges the Court as part of its statutory oversight of the minimization procedures to demand full and meaningful information concerning the condition of the data at issue, the data’s security, and its contemplated destruction as a condition of any retention beyond November 28, 2015.

The government is not amused

Predictably, the government balked at Burton’s invitation to use his expansive reading of the authority of the FISC to review minimization procedures to bolster the current ones.

Amicus curiae’ s analysis of Section 104 of the USA FREEDOM Act could be interpreted as suggesting an opportunity for the Court to re-examine the minimization procedures applicable for other business records productions in this proceeding. Consistent with the Court’s order appointing amicus curiae, the Government has limited its response to the issue identified in that order.

Frankly, I’m not sure what the government distinguishes between Burton’s proposal to reexamine existing minimization procedures and what is covered by the order in question, because they do respond to a number of the questions he raised in his brief.

For example, they provide these details about where the dragnet lives (which, as it turns out, is at Fort Meade, not the UT data center).

As described in the Application in docket number BR 15-99 and prior docket numbers, NSA stores and processes the bulk call detail records in repositories within secure networks under NSA’ s control. Those repositories (servers, networked storage devices, and backup tapes in locked containers) are located in NSA’s secure, access-controlled facilities at Fort George G. Meade, Maryland. As further described in those applications, NSA restricts access to the records to authorized personnel who have received appropriate and adequate training. Electronic access to the call detail records requires a user authentication credential. Physical access to the location where NSA stores and processes the call detail records requires an approval by NSA management and must be conducted in teams of no less than two persons.

Also note that there is currently a requirement that techs access the raw data in two person teams. That is likely a change that post-dates Snowden.

Curiously, the NSA says they can destroy all the phone dragnet data in a month.

NSA anticipates it can complete destruction of the bulk call detail records and related chain summaries within one month of being relieved of its litigation preservation obligations.

They appear to have taken far less time to destroy the Internet dragnet data, further supporting the appearance they did it very hastily to avoid having to report back to John Bates on the status of their dragnet.

Finally, they make clear what had already been clear to me: the existing query results will remain at NSA.

Information obtained or derived from call detail records which has been previously disseminated in accordance with approved minimization procedures will not be recalled or destroyed.2 Also, select query results generated by pre-November 29, 2015, queries of the bulk records that formed the basis of a dissemination in accordance with approved minimization procedures will not be destroyed.

2 This practice does not differ from similar circumstances where, for example Court-authorized electronic surveillance and/or physical search authorities under Title I or III expire. While raw (unminimized) information is handled and destroyed in accordance with applicable minimization procedures, prior authorized disseminations and the material underpinning those disseminations are not recalled or otherwise destroyed.

This means that everyone within two or three degrees of a target that the NSA has found interesting — potentially over the last decade — will remain available and subject to NSA’s analytical toys from here on out.

Let’s hope CAIR gets standing to challenge what has happened to their IDs then.

Which may be why the government gets snippiest in response to Burton’s question about why they’re going to keep billions of phone records rather than just reach some accommodation with EFF.

The suggestions by amicus curiae that this Court address (or perhaps even resolve) significant substantive questions at issue in underlying civil litigation,, see Amicus Mem. of Law at 27, are exactly the kinds of inquiries the Court previously recognized were inappropriate for it to resolve. Opinion and Order, docket number BR 14-01at5 (“it is appropriate for [the district court for the Northern District of California], rather than the FISC, to determine what BR metadata is relevant to that litigation”). This Court should adopt the same view. In particular, the suggestion that the Government disclose national security information concerning the identity of providers, information subject to a pending state secrets privilege assertion, is inappropriate, and the suggestion by amicus that the government stipulate to Article III standing in those cases is unfounded as a matter of law. Finally, the suggestion that preservation of bulk call detail records can be limited solely to the plaintiffs in multiple pending putative class actions is entirely unworkable. For the reasons more particularly set out above, until the Government is relieved of its preservation obligations, the data is secure.

Which leads me to the detail that makes me suspect there’s a second Burton filing the government hasn’t released (I’ve asked NSD but gotten no answer, and in his opinion Mosman says only “Mr. Burton and the government submitted briefs addressing this question,” leaving open the possibility Burton submitted two): After finding no reason to hold a hearing on the issue of restarting the dragnet during the summer, Mosman did hold a hearing here (though it’s not clear whether Burton attended or not). At the hearing, Mosman ordered the government to try to come up with a way to destroy the dragnets, which it will do by January 8.

During the hearing held on November 20, 2015, the Court directed the government to submit its assessment of whether the cessation of bulk collection on November 28, 2015, will moot the claims of the plaintiffs in the Northern District of California litigation relating to the BR Metadata program and thus provide a basis for moving to lift the preservation orders. The Court further directed the government to address whether, even if the California plaintiffs’ claims are not moot, there might be a basis for seeking to lift the preservation orders with respect to the BR Metadata that is not associated with the plaintiffs. The government intends to make its submission on these issues by January 8, 2016.

And, as Mosman’s opinion makes clear, he ordered them to write up a free-standing copy of the minimization procedures that will govern the dragnet data retained from here on out.

The minimization procedures that the government proposes using after the production ceases on November 28, 2015 are in important respects substantially more restrictive than those currently in effect. The procedures that will apply after November 28, which were initially included as part of the broader set of procedures set forth in the application, were resubmitted by the government in a standalone document on November 24, 2015 (“November 24, 2015 Minimization Procedures”).

They would have submitted them on the day Mosman (via Hogan’s signature) approved the request to keep the data. In other words, Mosman made the government generate a document to make it crystal clear the more restrictive rules apply to the dragnet going forward.

The value of the amicus

Whether it was Mosman’s intent when he appointed Burton or not (remember, for better and worse, under USAF the amicus has to do what the FISC asks), his appointment served several purposes.

First, it set Mosman up to make it very clear that the FISC sees the minimization procedures required under USAF do give the FISC expanded authority.

The USA FREEDOM Act made several minimization-related changes to Section 1861. For instance, Section 1861 now provides that, before granting a business records application, the Court must expressly find that the minimization procedures put forth by the government “meet the definition ofminimiz.ation procedures under subsection (g).” See Pub. L. No. 114-23, § 104(a)(l), 129 Stat. at 272. This change is not substantive, however, as such a finding was previously implicit in the broader finding required by Section 1861 ( c )(1) – i.e, “that the application meets the requirements of subsection (a) and (b).” Among the requirements of subsection (b) was – and still is – the requirement that the application include an enumeration of Attorney General-approved minimization procedures that meet the definition set forth in subsection (g). Another change is the addition of a “rule of construction” confirming the Court’s authority “to impose additional, particularized minimization procedures with regard to the production, retention, or dissemination” of certain information regarding United States persons, including “procedures related to the destruction of information within a reasonable time period.” See id. § 104(a)(2), 129 Stat. at 272. A third new provision that takes effect on November 29, 2015, states that orders compelling the ongoing, targeted production of “call detail records” must direct the government to adopt minimization procedures containing certain requirements relating to the destruction of such records. See id Pub. L. No. 114-23, § 10l(b)(3)(F)(vii), 129 Stat. at 270-71.

Remember, it took 7 years — including 4 years of FISC-imposed minimization requirements and reviews — before the government met the requirements of the law as passed in 2006. Significantly, Burton got a classified version of the IG report laying out that delay to read, so he surely knows more about that delay than we do.

In addition, Burton set up the FISC to demand more assurances from the government and — potentially — to push it to come to some more reasonable accommodation with EFF than they otherwise might. Remember, when presiding over the criminal case of Raez Qadir Khan, Mosman was going to grant CIPA discovery on the surveillance used to catch Khan, some of which almost certainly included one (Stellar Wind) or another (the PRTT Internet dragnet) of the illegal dragnets, which led almost immediately to a plea deal.

I’m, frankly, pleasantly surprised. Whether it was Mosman’s intent or not, even picking someone without an obvious brief for privacy, Burton helped Mosman shore up the authority of the FISC to ride herd over government spying (and given Judge Hogan’s involvement along the way, he presumably did so with the assent of the presiding FISC judge).

In any case, Mosman was happy with how it all worked out, as he included this footnote in his opinion.

The Court wishes to thank Mr. Burton for his work in this matter. His written and oral presentations were extremely informative to the Court’s consideration of the issues addressed herein. The Court is grateful for his willingness to serve in this capacity.

John Bates, speaking inappropriately on behalf of the FISA Court during USAF debates, squealed mightily about the role an amicus had. Admittedly, the current form is closer to what Bates (who I’ve always suspected was speaking on behalf of John Roberts more than the court) wanted than what reformers wanted.

But at least in this instance, the amicus helped the FISC shore up its authority vis a vis the government.

Update: Richard Posey notes the reference to Burton’s “oral” presentations in the thank you footnote, which suggests he was at the November 20 hearing.  Read more

Another Probable Reason to Shut Down the Internet Dragnet: Dissemination Restrictions

/1 Comment/in /by

Screen Shot 2015-11-27 at 10.27.12 PMI noted the other day that an NSA IG document liberated by Charlie Savage shows the agency had 4 reasons to shut down the domestic Internet (PRTT) dragnet, only one of which is the publicly admitted reason — that NSA could accomplish what it needed to using SPCMA and FAA collection.

I’m fairly sure another of the reasons NSA shut down the dragnet is because of dissemination restrictions that probably got newly reinvigorated in mid-2011.

I laid out a timeline of events leading up to the shutdown of the Internet dragnet here. I’ve added one date: that of the draft training program, several modules of which are dated October 17, 2011, released under FOIA (given other dates in the storyboard, the program had clearly been in development as early as November 2010). How odd is that? The NSA was just finalizing a training program on the Internet (and phone) dragnet as late as 6 weeks before NSA hastily shut it down starting in late November 2011. The training program — which clearly had significant Office of General Counsel involvement — provides a sense of what compliance issues OGC was emphasizing just as NSA decided to shut down the Internet dragnet.

The training program was done in the wake of two things: a series of audits mandated by the FISA Court (see PDF 36) that lasted from May 2010 until early 2011, and the resumption of the PRTT Internet dragnet between July and October 2010.

The series of audits revealed several things. First, as I have long argued was likely, the technical personnel who monitor the data for integrity may also use their access to make inappropriate queries, as happened in an incident during this period (see PDF 95 and following); I plan to return to this issue. In addition, at the beginning of the period — before a new selector tracking tool got introduced in June 2010 — NSA couldn’t track whether some US person selectors had gotten First Amendment review. And, throughout the audit period, the IG simply didn’t review whether less formalized disseminations of dragnet results followed the rules, because it was too hard to audit. The final report summarizing the series of audits from May 2011 (as well as the counterpart one covering the Internet dragnet) identified this as one of the weaknesses of the program, but NSA wanted to manage it by just asking FISC to eliminate the tracking requirements for foreign selectors (see PDF 209).

Screen Shot 2015-11-29 at 9.36.44 AM

I found this blasé attitude about dissemination remarkable given that in June 2009, Reggie Walton had gotten furious with NSA for not following dissemination restrictions, after which NSA did it again in September 2009, and didn’t tell Walton about it, which made him furious all over again. Dissemination restrictions were something Walton had made clear he cared about, and NSA IG’s response was simply to say auditing for precisely the kind of thing he was worried about — informal dissemination — was too hard, so they weren’t going to do it, not even for the audits FISC (probably Walton himself) ordered NSA to do to make sure they had cleaned up all the violations discovered in 2009.

Meanwhile, when NSA got John Bates to authorize the resumption of the dragnet (he signed the order in July 2010, but it appears it didn’t resume in earnest until October 2010), they got him to approve the dissemination of PRTT data broadly within NSA. This was a response to a Keith Alexander claim, made the year before, that all product lines within NSA might have a role in protecting against terrorism (see PDF 89).

Screen Shot 2015-11-29 at 10.00.59 AM

In other words, even as NSA’s IG was deciding it couldn’t audit for informal dissemination because it was too hard to do (even while acknowledging that was one of the control weaknesses of the program), NSA asked for and got FISC to expand dissemination, at least for the Internet dragnet, to basically everyone. (The two dragnets appear to have been synched again in October 2010, as they had been for much of 2009, and when that happened the NSA asked for all the expansions approved for the Internet dragnet to be applied to the phone dragnet.)

Which brings us to the training program.

There are elements of the training program that reflect the violations of the previous years, from an emphasis on reviewing for access restrictions to a warning that tech personnel should only use their sysadmin access to raw data for technical purposes, and not analytical ones.

But the overwhelming emphasis in the training was on dissemination — which is a big part of the reason the NSA used the program to train analysts to rerun PATRIOT-authorized queries under EO 12333 so as to bypass dissemination restrictions. As noted in the screen capture above, the training program gave a detailed list of the things that amounted to dissemination, including oral confirmation that two identifiers — even by name (which of course confirms that these phone numbers are identifiable to analysts) — were in contact.

In addition, any summary of that information would also be a BR or PR/TT query result. So, if you knew that identifier A belonged to Joe and identifier B belonged to Sam, and the fact of that contact was derived from BR or PR/TT metadata, if you communicate orally or in writing that Joe talked to Sam, even if you don’t include the actual e-mail account or telephone numbers that were used to communicate, this is still a BR or PR/TT query result.

The program reminded that NSA has to report every dissemination, no matter how informal.

This refers to information disseminated in a formal report as well as information disseminated informally such as written or oral collaboration with the FBI. We need to count every instance in which we take a piece of information derived from either of these two authorities and disseminate it outside of NSA.

Normally an NSA product report is the record of a formal dissemination. In the context of the BR and PR/TT Programs, an official RFI response or Analyst Collaboration Record will also be viewed as dissemination. Because this FISC requirement goes beyond the more standard NSA procedures, additional diligence must be given to this requirement. NSA is required to report disseminations formal or informal to the FISC every 30 days.

I’m most interested in two other aspects of the training. First, it notes that not all queries obtained via the dragnet will be terrorism related.

It might seem as though the information would most certainly be counterterrorism-related since, due to the RAS approval process, you wouldn’t have this U.S. person information from a query of BR or PR/TT if it weren’t related to counterterrorism. In the majority of cases, it will be counterterrorism-related; however, the nature of the counterterrorism target is that it often overlaps with several other areas that include counternarcotics, counterintelligence, money laundering, document forging, people and weapons trafficking, and other topics that are not CT-centric. Thus, due to the fact that these authorities provide NSA access to a high volume of U.S. person information for counterterrorism purposes, the Court Order requires an explicit finding that the information is in fact related to counterterrorism prior to dissemination. Therefore, one of the approved decision makers must document the finding using the proper terminology. It must state that the information is related to counterterrorism and that it is necessary to understand the counterterrorism information.

Remember, this training was drafted in the wake of NSA’s insistence that all these functional areas needed to be able to receive Internet dragnet data, which, of course, was just inviting the dissemination of information for reasons other than terrorism, especially given FISC’s permission to use the dragnet to track Iranian “terrorism.” Indeed, I still think think it overwhelmingly likely Shantia Hassanshahi got busted for proliferation charges using the phone dragnet (during a period when FISC was again not monitoring NSA very closely). And one of the things NSA felt the need to emphasize a year or so after NSA started being able to share this “counterterrorism” information outside of its counterterrorism unit was that they couldn’t share information about money laundering or drug dealing or … counterproliferation unless there was a counterterrorism aspect to it. Almost as if it had proven to be a problem.

The training program warns that results may not be put into queriable tools that untrained analysts have access to.

Screen Shot 2015-11-29 at 1.54.44 PM\

Note the absolutely hysterical review comment that said there’s no list of which tools analysts couldn’t use with 215 and PRTT dragnet results. Elsewhere, the training module instructs analysts to ask their manager, which from a process standpoint is a virtual guarantee there will be process violations.

This is interesting for two reasons. First, it suggests NSA was still getting in trouble running tools they hadn’t cleared with FISC (the 215 IG Reports also make it clear they were querying the full database using more than just the contact-chaining they claim to have been limited to). Remember there were things like a correlations tool they had to shut down in 2009.

But it’s also interesting given the approval, a year after this point, of an automatic alert system for use with the phone dragnet (which presumably was meant to replace the illegal alert system identified in 2009).

In 2012, the FISA court approved a new and automated method of performing queries, one that is associated with a new infrastructure implemented by the NSA to process its calling records.68 The essence of this new process is that, instead of waiting for individual analysts to perform manual queries of particular selection terms that have been RAS approved, the NSA’s database periodically performs queries on all RAS-approved seed terms, up to three hops away from the approved seeds. The database places the results of these queries together in a repository called the “corporate store.”

The ultimate result of the automated query process is a repository, the corporate store, containing the records of all telephone calls that are within three “hops” of every currently approved selection term.69 Authorized analysts looking to conduct intelligence analysis may then use the records in the corporate store, instead of searching the full repository of records.70

That is, in 2011, NSA was moving towards such an automated system, which would constitute a kind of dissemination by itself. But it wasn’t there yet for the PATRIOT authorized collection. Presumably it was for EO 12333 collection.

As it happened, NSA never did fulfill whatever requirements FISC imposed for using that automatic system with phone dragnet information, and they gave up trying in February 2014 when Obama decided to outsource the dragnet to the telecoms. But it would seem limits on the permission to use other fancy tools because they would amount to dissemination would likely limit the efficacy of these dragnets.

Clearly, in the weeks before NSA decided to shut down the PRTT dragnet, its lawyers were working hard to keep the agency in compliance with rules on dissemination. Then, they stopped trying and shut it down.

Both the replacement of PRTT with SPCMA and 702, and the replacement of the 215 dragnet with USAF, permit the government to disseminate metadata with far looser restrictions (and almost none, in the case of 702 and USAF metadata). It’s highly likely this was one reason the NSA was willing to shut them down.