A few weeks ago, I laid out how the Keith Gartenlaub case made child pornography foreign intelligence information. I showed how the FBI moved back and forth from a criminal to a FISA to a criminal warrant, only to try to use evidence of child pornography to get Gartenlaub to flip on his Chinese in-laws regarding suspected spying.
In this post, I want to lay out circumstantial evidence that Section 702 was used in the case — probably to spy on communications of Gartenlaub’s Chinese in-laws as well as his communications with them. This is circumstantial, but important, particularly given FBI Director Christopher Wray’s claims last Friday that 702 doesn’t include child pornography and has only been used in counterterrorism cases.
FBI cites his communications on PRISM providers to obtain warrant for domestic records from those providers
The first reason to believe FBI used Section 702 with Gartenlaub is that the first warrant affidavit in the case, used to obtain his and his wife’s Yahoo and Google account data, looks like typical parallel construction. It provides a means to get the content from specific PRISM providers based in large part on the use of those providers to communicate with people in China.
The GARTENLAUB SUBJECT ACCOUNT, [email protected], is used by Keith Gartenlaub at work and at home based on information provided by Boeing regarding the use of his Boeing issued laptop computer . Information obtained from a court-authorized pen register and trap and trace device shows that he is in contact with a China based email account using a Shanghai IP address seven times since March 2013. The GARTENLAUB SUBJECT ACCOUNT is also used to communicate with his wife, as reflected in the results of a pen register and trap and trace device. Emails are also forwarded from Gartenlaub‘s Boeing e-mail account to the GARTENLAUB SUBJECT ACCOUNT, evidence of which exists on the results of the data pen and trap and trace device.
Given that this was a spying case, the Chinese interlocutors would have been solid Section 702 targets. Though, remarkably, nowhere in the unclassified legal documents does the government do anything more than cite him saying his wife’s family was “well connected” to explain who those suspected spying recruiters were.
Gartenlaub stated he never had to worry about his security while traveling in China because his wife’s family is “well connected.” Gartenlaub did not elaborate on what connections she has.
To get the later (or earlier!) FISA order, the FBI would have had to detail who in China he was talking about. And to get that they likely would have used 702.
The mysterious absence of Skype in evidence
In addition to Google and Yahoo, the affidavit asking for Google and Yahoo content also described his most frequent communications with people in China taking place on Skype.
I have also reviewed the records provided by Skype for the account subscribed to Keith Gartenlaub. Those records showed that in the period ‘of April 2011 to March 2013, the account contacted other accounts based in China approximately once every three days, on average. (Gartenlaub was interviewed on February 7 , 8, and 22, 2013). After Gartenlaub was contacted by the FBI to set up an interview, the Skype account subscribed to Gartenlaub contacted accounts based in China approximately three times per day 1 on average.
His contact with Chinese-based Skype accounts spiked as soon as he was contacted by the FBI about the C– 17 investigation;
But not only does the affidavit not ask for a warrant for Skype (as part of Microsoft, a PRISM provider), as best I can tell no Skype data ever got introduced at trial.
In other words, a key reason they suspected Gartenlaub — his discussions with elites in China — never made it into the case in chief.
Which may be how they avoided giving him his legally mandated 702 notice.
The timing of the Section 702 NCMEC change
Then there’s the most obvious reason to think that Gartenlaub’s prosecution implicates Section 702: the coincidence between the the change in Section 702’s minimization procedures, as it pertains to sharing with the Center for Missing and Exploited Children, and the date of his arrest.
The government changed the standard minimization procedures for individualized FISA orders on August 11, 2014. Then, citing back to this earlier change, FISC approved an equivalent change in the Section 702 minimization procedures on August 26, 2014. The next day, the government arrested Gartenlaub. Particularly given how long they had had the child porn from the January 2014 search, it seems likely they waited until all relevant authorities included NCMEC permission before arresting him based off information that clearly relied on FISA information, if not earlier 702 information.
Mind you, the change in the 702 minimization procedures would only be necessary to cover Gartenlaub’s case if the government had found some evidence of the child porn before the FISA search. I can’t think of any way they could have done that unless they found him sharing porn with targeted people in China. That shouldn’t be possible — not according to regular targeting rules, anyway.
Still, the timing does make me think the government wanted both sets of minimization procedures available in time for the arrest.
Whatever the case, given how easily the government could have targeted Gartenlaub’s in-laws, and given the PRISM providers implicated (both in the known discovery and the missing Skype communications), I think it highly likely the government used Section 702 as part of this case.
Even if they didn’t provide notice.