Posts

Why DOJ Withheld the Correlations Opinion: The DC Circuit’s Mosaic

On January 9, 2014, the government appealed Judge Richard Leon’s decision finding the phone dragnet in Klayman v. Obama to the DC Circuit.

The DC Circuit, of course, is the court that issued US. v Maynard in 2010, the first big court decision backing a mosaic theory of the Fourth Amendment. And while the panel that ultimately heard the Klayman appeal included two judges who voted to have the entire circuit review Maynard, the circuit precedent in Maynard includes the following statement.

As with the “mosaic theory” often invoked by the Government in cases involving national security information, “What may seem trivial to the uninformed, may appear of great moment to one who has a broad view of the scene.” CIA v. Sims, 471 U.S. 159, 178 (1985) (internal quotation marks deleted); see J. Roderick MacArthur Found. v. F.B.I., 102 F.3d 600, 604 (D.C. Cir. 1996). Prolonged surveillance reveals types of information not revealed by short-term surveillance, such as what a person does repeatedly, what he does not do, and what he does ensemble. These types of information can each reveal more about a person than does any individual trip viewed in isolation. Repeated visits to a church, a gym, a bar, or a bookie tell a story not told by any single visit, as does one‘s not visiting any of these places over the course of a month. The sequence of a person‘s movements can reveal still more; a single trip to a gynecologist‘s office tells little about a woman, but that trip followed a few weeks later by a visit to a baby supply store tells a different story.* A person who knows all of another‘s travels can deduce whether he is a weekly church goer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups — and not just one such fact about a person, but all such facts.

With that precedent, the DC Circuit is a particularly dangerous court for the Administration to review a dragnet that aspires to collect all Americans’ call records and hold them for 5 years.

On March 31, 2014, the government submitted a motion for summary judgment in EFF’s FOIA for Section 215 documents with an equivalent to the ACLU. One of the only things the government specifically withheld — on the grounds that it described a dragnet analysis technique it was still using — was an August 20, 2008 FISC opinion authorizing the technique in question, which it did not name.

Two days before FISC issued that August 20, 2008 opinion, the NSA was explaining to the court how it made correlations between identifiers to contact chain on all those identifiers. Two days is about what we’ve seen for final applications before the FISC rules on issues, to the extent we’ve seen dates, suggesting the opinion is likely about correlations.

Here’s how the government described correlations, in various documents submitted to the court in 2009.

They define what a correlated address is (and note, this passage, as well as other passages, do not limit correlations to telephone metadata — indeed, the use of “address” suggests correlations include Internet identifiers).

The analysis of SIGINT relies on many techniques to more fully understand the data. One technique commonly used is correlated selectors. A communications address, or selector, is considered correlated with other communications addresses when each additional address is shown to identify the same communicant as the original address.

They describe how the NSA establishes correlations via many means, but primarily through one particular database.

NSA obtained [redacted] correlations from a variety of sources to include Intelligence Community reporting, but the tool that the analysts authorized to query the BR FISA metadata primarily used to make correlations is called [redacted].

[redacted] — a database that holds correlations [redacted] between identifiers of interest, to include results from [redacted] was the primary means by which [redacted] correlated identifiers were used to query the BR FISA metadata.

They make clear that NSA treated all correlated identifiers as RAS approved so long as one identifier from that user was RAS approved.

In other words, if there: was a successful RAS determination made on any one of the selectors in the correlation, all were considered .AS-a. ,)roved for purposes of the query because they were all associated with the same [redacted] account

And they reveal that until February 6, 2009, this tool provided “automated correlation results to BR FISA-authorized analysts.” While the practice was shut down in February 2009, the filings make clear NSA intended to get the automated correlation functions working again,

While it’s unclear whether this screen capture describes the specific database named behind the redactions in the passages above, it appears to describe an at-least related process of identifying all the equivalent identities for a given target (in this case to conduct a hack, but it can be used for many applications).

Correlations

If I’m right that the August 20, 2008 memo describes this correlations process, it means one of the things the government decided to withhold from EFF and ACLU (who joined Klayman as amici) after deciding to challenge Leon’s decision in a court with a precedent of recognizing a mosaic theory of the Fourth Amendment was a document that shows the government creates a mosaic of all these dragnets.

It’s not just a phone dragnet (and it’s not just US collected phone records). It’s a domestic and internationally-collected phone and Internet and other metadata dragnet, and after that point, if it sucks you into that dragnet, it’s a financial record and other communications dragnet as well (for foreigners, I imagine, you get sucked in first, without an interim stage).

Even though both Janice Rogers Brown and David Sentelle voted to reconsider the mosaic theory in 2010, Sentelle’s questions seemed to reflect a real concern about it. Unsurprisingly, given that he authored a fairly important opinion in US v Quartavious Davis holding that the government needed a warrant to get stored cell site location data while he was out on loan to the 11th Circuit earlier this year, his questions focused on location.

Sentelle: What information if any is gathered about the physical location of wireless callers, if anything? Cell tower type information.

Thomas Byron: So Judge Sentelle, what is not included. Cell tower information is not included in this metadata and that’s made clear in the FISC orders.  The courts have specified that it’s not included.

Note how Byron specified that “cell tower information is not included in this metadata”? Note how he also explains that the FISC has specified that CSLI is not included, without explaining that that’s only been true for 15 months (meaning that there may still be incidentally collected CSLI in the databases). Alternately, if the NSA gets cell location from the FBI’s PRTT program (my well-educated guess is that the FBI’s unexplained dragnet — the data from which it shares with the NSA — is a Stingray program), then that data would get analyzed along with the call records tied to the same phones, though it’s not clear that this location data would be available from the known but dated metadata access, which is known only to include Internet, and EO 12333 and BRFISA phone metadata).

Stephen Williams seemed even more concerned with the Maynard precedent, raising it specifically, and using it to express concern about the government stashing 5 years of phone records.

Williams: Does it make a significant difference that these data are collected for a five year period.

Byron’s response was particularly weak on this point, trying to claim that the government’s 90-day reauthorizations made the 5 years of data that would seem to be clearly unacceptable under Maynard (which found a problem with one week of GPS data) acceptable.

Byron: It’s not clear in the record of this case how much time the telephone companies keep the data but the point is that there’s a 90 day period during which the FISC orders are operative and require the telephone companies to turn over the information from their records to the government for purposes of this program. Now the government may retain it for five years but that’s not the same as asking whether the telephone company must keep it for five years.

Williams: How can we discard the five year period that the government keeps it?

Williams also, later, asked about what kind of identities are involved, which would also go to the heart of the way the government correlates identities (and should warrant questions about whether the government is obtaining Verizon’s supercookie).

Byron expressed incredible (as in, not credible) ignorance about how long the phone companies keep this data; only AT&T keeps its data that long. Meaning the government is hoarding records well beyond what users should have an expectation the third party in question would hoard the data, which ought to eliminate the third party justification by itself.

Janice Rogers Brown mostly seemed to want things to be easy, one bright line that cops could use to determine what they could and could not obtain. Still, she was the only one to raise the other kinds of data the government might obtain.

JRB: Does it matter to whom the record has been conveyed. For instance, medical records? That would be a third party’s record but could you draw the same line.

Byron: Judge Brown, I’m glad you mentioned this because it’s really important to recognize in the context of medical records just as in the context, by the way, of telephone records, wiretap provisions, etcetera, Congress has acted to protect privacy in all of these areas. For example, following the Miller case, Congress passed a statute governing the secrecy of bank records. Following the Smith case, Congress passed a statute governing wiretaps. HIPAA, in your example, Judge Brown, would govern the restrictions, would impose restrictions on the proper use of medical information. So too here, FISA imposes requirements that are then enforced by the Foreign Intelligence Surveillance Court. And those protections are essential to understanding the program and the very limited intrusion on any privacy interest.

While Byron had a number of very misleading answers, this probably aggravated me the most. After all, the protections that Congress created after the Miller case and the Smith case were secretly overridden by the FISC in 2008 and 2010, when it said limitations under FISA extended for NSLs could also be extended for 215 orders. And we have every reason the government could, if not has, obtained medical records if not actual DNA using a Section 215 order; I believe both would fall under a national security exception to HIPAA. Thus, whatever minimization procedures FISC might impose, it has, at the same time blown off precisely the guidelines imposed by Congress.

The point is, all three judges seemed to be thinking — to a greater or lesser extent — of this in light of the Maynard precedent, Williams particularly so. And yet because the government hid the most important useful evidence about how they use correlations (though admittedly the plaintiffs could have submitted the correlations data, especially in this circuit), the legal implications of this dragnet being tied to other phone and Internet dragnets and from there more generalized dragnets never got discussed.

Don’t get me wrong. Larry Klayman likely doomed this appeal in any case. On top of being overly dramatic (which I think the judges would have tolerated), he misstated at least two things. For example, he claimed violations reported at the NSA generally happened in this program alone. He didn’t need to do that. He could have noted that 3,000 people were dragnetted in 2009 without the legally required First Amendment review. He could have noted 3,000 files of phone dragnet data were not destroyed in timely fashion, apparently because techs were using the real data on a research server. The evidence to show this program has been — in the past at least — violative even of the FISC’s minimization requirements is available.

Klayman also claimed the government was collecting location data. He got caught, like a badly prepared school child, scrambling for the reference to location in Ed Felten’s declaration, which talked about trunk location rather than CSLI.

In substantive form, I don’t think those were worse than Byron’s bad evasions … just more painful.

All that said, all these judges — Williams in particular — seemed to want to think of this in terms of how it fit in a mosaic. On that basis, the phone dragnet should be even more unsustainable than it already is. And some of that evidence is in the public record, and should have been submitted into the record here.

Still, what may be the most important part of the record was probably withheld, by DOJ, after DOJ decided it was going to appeal in a circuit where that information would have been centrally important.

The Klayman Hearing: Everyone Can Stand If DOJ Has the Backbone

Update: See this post, which explains that I’m wrong about the timing of Verizon’s different approach to production than AT&T. And that difference precedes Verizon’s withdrawal from the FBI call record program in 2009 — it goes back to 2007.

I’m finally getting around to listening to the Klayman v. Obama hearing from the other day, which you can listen to here. I’ll have more to say on it later. But my impression is that — because of the incomplete reporting of a bunch of NSA beat reporters — Klayman may be improperly thrown out on standing because he is only a Verizon cell customer, not a Verizon landline customer.

Back on June 14, 2013, the WSJ reported that Verizon Wireless and T-Mobile don’t turn over records under the phone dragnet, but that the government obtains those records anyway as they travel across the domestic backbone, largely owned by AT&T and Verizon Business Services.

The National Security Agency’s controversial data program, which seeks to stockpile records on all calls made in the U.S., doesn’t collect information directly from T-Mobile USA and Verizon Wireless, in part because of their foreign ownership ties, people familiar with the matter said.

The blind spot for U.S. intelligence is relatively small, according to a U.S. official. Officials believe they can still capture information, or metadata, on 99% of U.S. phone traffic because nearly all calls eventually travel over networks owned by U.S. companies that work with the NSA.

[snip]

Much of the U.S.’s telecom backbone is owned by two companies: AT&T and Verizon Business Network Services Inc., a U.S. subsidiary of Verizon Communications that it views as a separate network from its mobile business. It was the Verizon subsidiary that was named in the FISA warrant leaked by NSA contractor Edward Snowden to the Guardian newspaper and revealed last week.

When a T-Mobile or Verizon Wireless call is made, it often must travel over one of these networks, requiring the carrier to pay the cable owner. The information related to that transaction—such as the phone numbers involved and length of call—is recorded and can then be passed to the NSA through its existing relationships.

Then, on February 7, 2014, the WSJ (and 3 other outlets) reported something entirely different — that the phone dragnet only collects around 20% of phone records (others reported the number to be a higher amount).

The National Security Agency’s collection of phone data, at the center of the controversy over U.S. surveillance operations, gathers information from about 20% or less of all U.S. calls—much less than previously thought, according to people familiar with the NSA program.

The program had been described as collecting records on almost every phone call placed in the U.S. But, in fact, it doesn’t collect records for most cellphones, the fastest-growing sector in telephony and an area where the agency has struggled to keep pace, the people said.

Over the course of 8 months, the WSJ’s own claim went from the government collecting 99% of phone data (defined as telephony) to the government collecting 20% (probably defining “call data” broadly to include VOIP), without offering an explanation of what changed. And it was not just its own earlier reporting with which WSJ conflicted; aspects of it also conflicted with a lot of publicly released primary documents about what the program has done in the past. Nevertheless, there was remarkably little interest in explaining the discrepancy.

I’m getting a lot closer to being able to explain the discrepancy in WSJ’s reporting. And if I’m right, then Larry Klayman should have standing (though I’m less certain about Anna Smith, who is appealing a suit in the 9th Circuit).

I’m fairly certain (let me caveat: I think this is the underlying dynamic; the question is the timing) the discrepancy arises from the fact that, for the first time ever, on July 19, 2013 (a month after the WSJ’s first report) the FISA Court explicitly prohibited the collection of Cell Site Location Information.

Furthermore, this Order does not authorize the production of cell site location information (CSLI).

We’ve learned several details since February that puts this in context.

First, the NSL IG Report revealed that one of the three providers who had been part of FBI’s onsite call records access from 2003 to 2006 did not renew the contract for that program in 2009.

Company A, Company B, and Company C are the three telephone carriers described in our Exigent Letters Report that provided telephone records to the TCAU in response to exigent letters and other informal requests between 2003 and 2006. As described in our Exigent Letters Report, the FBI entered into contracts with these carriers in 2003 and 2004, which required that the communication service providers place their employees in the TCAU’s office space and give these employees access to their companies’ databases so they could immediately service FBI requests for telephone records. Exigent Letters Report, 20. As described in the next chapter, TCAU no longer shares office space with the telephone providers. Companies A and C continue to serve FBI requests for telephone records and provide the records electronically to the TCAU. Company B did not renew its contract with the FBI in 2009 and is no longer providing telephone records directly to the TCAU. Company B continues to provide telephone records in response to NSL requests issued directly by the field without TCAU’s assistance.

The original WSJ, in retrospect, makes it fairly clear that Company B is Verizon (though I believe it provides the wrong explanation otherwise for Verizon’s inability to provide records, that it was partly foreign owned–though admittedly it only claims to be providing part of the explanation).

Unlike Sprint and AT&T, [Verizon Wireless and T-Mobile] also don’t perform classified work for the government. Such contracts require secure facilities that make cooperating with NSA programs simpler, people familiar with the matter said.

Verizon Associate General Counsel Michael Woods’ response to questions at a hearing earlier this year made it even more clear. He said that Verizon does not keep call detail records — as distinct from billing records — long at all (and they only keep billing records on the landline side for 18 months).

The contract with TCAU, the NSL IG Report (and the earlier Exigent Letters report) makes clear, would require providers to keep records for longer to facilitate some bells and whistles. That’s a big part of what the “make cooperating with NSA programs simpler” is likely about. Therefore, Verizon must be the provider that stopped retaining records in 2009 for the purpose of the government (It also just so happens to be the provider that doesn’t need the government cash as part of its business model). I suspect that TCAU remains closely related to Hemisphere, which may be why when I asked FBI about its participation in that unclassified project, FBI refused to comment at all.

If all that’s right, then AT&T and Sprint retain their call detail records because they have signed a contract with the government to do so. Verizon does not.

That means, at least since 2009, Verizon has been relying on actual call detail records to fulfill its obligations under Section 215, not a database that makes it easier to pull out precisely what the government wants (indeed, I suspect the end of the contract created the problems where Verizon was providing entirely foreign calls along with its domestic calls starting with the May 29, 2009 order).  The business records that Verizon had on hand was a CDR that, in the case of cell phones, necessarily included CSLI.

Verizon is still (the Verizon-specific language remains in the dragnet orders, and they challenged the first order after Leon’s decision in this case) providing records of landline calls that traverse its backbone.

But when FISC made it a violation — rather than just overproduction they otherwise would have and have, in both this and other programs, approved — to provide CSLI, and made that public, it gave Verizon the opportunity to say it had no way to provide the cell data legally.

That’s sort of what the later WSJ report says, though it doesn’t explain why this would be limited in time or why NSA would have a problem when it collects CDRs internationally with CSLI with no problem.

Moreover, the NSA has been stymied by how to remove location data—which it isn’t allowed to collect without getting additional court approval—from U.S. cellphone records collected in bulk, a U.S. official said.

I’m not sure whether it’s the case that Verizon couldn’t very easily pull that CSLI off or not. But I do suspect — particularly for a program that offers no compensation — that Verizon no longer had a legal obligation to. (This probably answers, by the way, how AT&T and Sprint are getting paid here: they’re being paid to keep their CDRs under the old TCAU contracts with the FBI.)

The government repeats over and over that they’re only getting business records the companies already have. Verizon has made it clear it doesn’t have cell call detail records without the location attached. And therefore, I suspect, the government lost its ability to make Verizon comply. That is also why, I suspect, the President claims he needs new legislation to make this happen: because he needs language forcing the providers to provide the CDRs in the form the government wants it in.

If I’m right, though — that the government had 99% coverage of telephony until Claire Eagan specifically excluded cell location — then Klayman should have standing. That’s because Richard Leon’s injunction not only prohibited the government from collecting any new records from Klayman, he also required the government to “destroy any such metadata in its possession that was collected through the bulk collection program.”

Assuming Verizon just stopped providing cell data in 2013 pursuant to Eagan’s order, then there would still be over 3 years of call records in the government’s possession available for search. Which would mean he would still be exposed to the government’s improper querying of his records.

It is certainly possible that Verizon stopped providing cell data once it ended its TCAU contact in 2009. If that’s the case, the government’s hasty destruction of call records in March would probably have eliminated the last of the data it had on Klayman (though not on ACLU, since ACLU is a landline customer as well as a wireless customer).

But if Verizon just stopped handing over cell records in 2013 after Claire Eagan made it impossible for the government to force Verizon to comply with such orders, then Klayman — and everyone else whose records transited Verizon’s backbone — should still have standing.

Update: I provided this further explanation to someone via email.

I should have said this more clearly in the post. But the only way everyone is correct: including WSJ in June, Claire Eagan’s invocation of “substantially all” in July, the PRG’s claims they weren’t getting as much as thought in December, and WSJ’s claims they weren’t much at all in February, is if Verizon shut down cell collection sometime during that period. The July order and the aftermath would explain that.

I suspect the number is now closer to 50-60% of US based telephony records within the US (remember, on almost all international traffic, there should be near duplication, because they’re collecting that at scale offshore), but there’s also VOIP and other forms of “calls” and texts that they’re not getting, which is how you get down to the intentionally alarmist 20%. One reason I think Comey’s going after Apple is because iMessage is being carved out, and Verizon is already pissed, so he needs to find a way to ensure that Apple doesn’t get a competitive advantage over Verizon by going through WiFi that may not be available to Verizon because it is itself the backbone. But if you lose both Verizon’s cell traffic AND any cell traffic they carry, you lose a ton of traffic.
That gets you to the import of the FBI contract. It is a current business purpose of AT&T and Sprint to create a database that they can charge the FBI to use to do additional searching, including location data and burner phones and the like. AT&T’s version of this is probably Hemisphere right now (thus, in FBI-speak, TCAU would be Hemisphere), meaning they also get DEA and other agencies to pay for it. In that business purpose, the FBI is a customer of AT&T and Sprint’s business decision to create its own version of the NSA’s database, including all its calls as well as things like location data the FBI can get so on individualized basis.
Verizon used to choose to pursue this business (this is the significance, I think, of the government partially relying on a claim to voluntary production, per Kris). In 2009, they changed their business approach and stopped doing that. So they no longer have a business need to create and keep a database of all its phone records.
What they do still have are SS7 routing records of all traffic on their backbone, which they need to route calls through their networks (which is what AT&T uses to build their database). That’s the business record they use to respond to their daily obligations.
But there seem to be two likely reasons why the FISC can’t force Verizon to alter those SS7 records, stripping the CSLI before delivering it to the government. First, there is no means to compensate the providers under Section 215. That clearly indicates Congress had no plan to ask providers to provide all their records on a daily basis. But without compensation, you can’t ask the providers to do a lot of tweaking.
The other problem is if you’re asking the providers to create a record, then you’re getting away from the Third Party doctrine, aren’t you? In any case, the government and judges have repeated over and over, they can only get existing business records the providers already have. Asking Verizon to do a bunch to tweak those records turns it into a database that Verizon has created not for its own business purpose, but to fulfill the government’s spying demands.
I think this is the underlying point of Woods’ testimony where he made it clear Verizon had no intent of playing Intelligence agent for the government. Verizon seems to have made it very clear they will challenge any order to go back into the spying for the government business (all the more so after losing some German business because of too-close ties to the USG). And since Verizon is presumably now doing this for relatively free (since 2009, as opposed to AT&T and Sprint, who are still getting paid via their FBI contract), the government has far less ability to make demands.
This is also where I think the cost from getting complete coverage comes from. You have to pay provider sufficiently such that they are really doing the database-keeping voluntarily, which presumably gets it well beyond reasonable cost compensation.
Update: One final point (and it’s a point William Ockham made a billion years ago). The foreign data problem Verizon had starting in 2009 would be completely consistent with a shift from database production to SS7 production, because SS7 records are going to have everything that transits the circuit.

The Verizon Publicity Stunt, Mosaic Theory, and Collective Fourth Amendment Rights

On Friday, I Con the Record revealed that a telecom — Ellen Nakashima confirms it was Verizon — asked the FISA Court to make sure its January 3 order authorizing the phone dragnet had considered Judge Richard Leon’s December 16 decision that it was unconstitutional. On March 20, Judge Rosemary Collyer issued an opinion upholding the program.

Rosemary Collyer’s plea for help

Ultimately, in an opinion that is less shitty than FISC’s previous attempts to make this argument, Collyer examines the US v. Jones decision at length and holds that Smith v. Maryland remains controlling, mostly because no majority has overturned it and SCOTUS has provided no real guidance as to how one might do so. (Her analysis raises some of the nuances I laid out here.)

The section of her opinion rejecting the “mosaic theory” that argues the cumulative effect of otherwise legal surveillance may constitute a search almost reads like a cry for help, for guidance in the face of the obvious fact that the dragnet is excessive and the precedent that says it remains legal.

A threshold question is which standard should govern; as discussed above, the court of appeals’ decision in Maynard and two concurrences in Jones suggest three different standards. See Kerr, “The Mosaic Theory of the Fourth Amendment,” 111 Mich. L. Rev. at 329. Another question is how to group Government actions in assessing whether the aggregate conduct constitutes a search.See id. For example, “[w]hich surveillance methods prompt a mosaic approach? Should courts group across surveillance methods? If so, how? Id. Still another question is how to analyze the reasonableness of mosaic searches, which “do not fit an obvious doctrinal box for determining reasonableness.” Id. Courts adopting a mosaic theory would also have to determine whether, and to what extent, the exclusionary rule applies: Does it “extend over all the mosaic or only the surveillance that crossed the line to trigger a search?”

[snip]

Any such overhaul of Fourth Amendment law is for the Supreme Court, rather than this Court, to initiate. While the concurring opinions in Jones may signal that some or even most of the Justices are ready to revisit certain settled Fourth Amendment principles, the decision in Jones itself breaks no new ground concerning the third-party disclosure doctrine generally or Smith specifically. The concurring opinions notwithstanding, Jones simply cannot be read as inviting the lower courts to rewrite Fourth Amendment law in this area.

As I read these passages, I imagined that Collyer was trying to do more than 1) point to how many problems overruling the dragnet would cause and 2) uphold the dignity of the rubber stamp FISC and its 36+ previous decisions the phone dragnet is legal.

There is reason to believe she knows what we don’t, at least not officially: that even within the scope of the phone dragnet, the dragnet is part of more comprehensive mosaic surveillance, because it correlates across platforms and identities. And all that’s before you consider how, once dumped into the corporate store and exposed to NSA’s “full range of analytic tradecraft,” innocent Americans might be fingerprinted to include our lifestyles.

That is, not only doesn’t Collyer see a way (because of legal boundary concerns about the dragnet generally, and possibly because of institutional concerns about FISC) to rule the dragnet illegal, but I suspect she sees the reverberations that such a ruling would have on the NSA’s larger project, which very much is about building mosaics of intelligence.

No wonder the government is keeping that August 20, 2008 opinion secret, if it indeed discusses the correlations function in the dragnet, because it may well affect whether the dragnet gets assessed as part of the mosaic NSA uses it as.

Verizon’s flaccid but public legal complaint

Now, you might think such language in Collyer’s opinion would invite Verizon to appeal this decision. But given this lukewarm effort, it seems unlikely to do so. Consider the following details:

Leon issued his decision December 16. Verizon did not ask the FISC for guidance (which makes sense because they are only permitted to challenge orders).

Verizon got a new Secondary Order after the January 3 reauthorization. It did not immediately challenge the order.

It only got around to doing so on January 22 (interestingly, a few days after ODNI exposed Verizon’s role in the phone dragnet a second time), and didn’t do several things — like asking for a hearing or challenging the legality of the dragnet under 50 USC 1861 as applied — that might reflect real concern about anything but the public appearance of legality. (Note, that timing is of particular interest, given that the very next day, on January 23, PCLOB would issue its report finding the dragnet did not adhere to Section 215 generally.)

Indeed, this challenge might not have generated a separate opinion if the government weren’t so boneheaded about secrecy.

Verizon’s petition is less a challenge of the program than an inquiry whether the FISC has considered Leon’s opinion.

It may well be the case that this Court, in issuing the January 3,2014 production order, has already considered and rejected the analysis contained in the Memorandum Order. [redacted] has not been provided with the Court’s underlying legal analysis, however, nor [redacted] been allowed access to such analysis previously, and the order [redacted] does not refer to any consideration given to Judge Leon’s Memorandum Opinion. In light of Judge Leon’s Opinion, it is appropriate [redacted] inquire directly of the Court into the legal basis for the January 3, 2014 production order,

As it turns out, Judge Thomas Hogan (who will take over the thankless presiding judge position from Reggie Walton next month) did consider Leon’s opinion in his January 3 order, as he noted in a footnote.

Screen Shot 2014-04-28 at 10.49.42 AM

And that’s about all the government said in its response to the petition (see paragraph 3): that Hogan considered it so the FISC should just affirm it.

Verizon didn’t know that Hogan had considered the opinion, of course, because it never gets Primary Orders (as it makes clear in its petition) and so is not permitted to know the legal logic behind the dragnet unless it asks nicely, which is all this amounted to at first.

Note that the government issued its response (as set by Collyer’s scheduling order) on February 12, the same day it released Hogan’s order and its own successful motion to amend it. So ultimately this headache arose, in part, because of the secrecy with which it treats even its most important corporate spying partners, which only learn about these legal arguments on the same schedule as the rest of us peons.

Yet in spite of the government’s effort to dismiss the issue by referencing Hogan’s footnote, Collyer said because Verizon submitted a petition, “the undersigned Judge must consider the issue anew.” Whether or not she was really required to or could have just pointed to the footnote that had been made public, I don’t know. But that is how we got this new opinion.

Finally, note that Collyer made the decision to unseal this opinion on her own. Just as interesting, while neither side objected to doing so, Verizon specifically suggested the opinion could be released with no redactions, meaning its name would appear unredacted.

The government contends that certain information in these Court records (most notably, Petitioner’s identity as the recipient of the challenged production order) is classified and should remain redacted in versions of the documents that are released to the public. See Gov’t Mem. at 1. Petitioner, on the other hand, “request[s] no redactions should the Court decide to unseal and publish the specified documents.” Pet. Mem. at 5. Petitioner states that its petition “is based entirely on an assessment of [its] own equities” and not on “the potential national security effects of publication,” which it “is in no position to evaluate.” Id.

I’ll return to this. But understand that Verizon wanted this opinion — as well as its own request for it — public.

Read more

FISA Court Finally Discovers a Limit to the Word “Relevant”

A few weeks back I laughed that, in a probable attempt to score political points against those challenging the phone dragnet by asking to retain the phone dragnet longer than 5 years, DOJ had shown a rather unusual concern for defendant’s rights.

Judge Reggie Walton has just denied DOJ’s motion. In doing so he has found limits to the word “relevant” that otherwise seem unheard of at the FISC in recent memory.

For its part, the government makes no attempt to explain why it believes the records that are subject to destruction are relevant to the civil cases. The government merely notes that “‘[r]elevant’ in this context means relevant for purposes of discovery, … including information that relates to the claims or defenses of any party, as well as information that is reasonably calculated to lead to the discovery of admissible evidence.” Motion at 6. Similarly, the government asserts that “[b]ased on the issues raised by Plaintiffs,” the information must be retained, but it fails to identify what those issues are and how the records might shed light on them. Id. at 7. Finally, the motion asserts, without any explanation, that “[b]ased on the claims raised and the relief sought, a more limited retention of the BR metadata is not possible as there is no way for the Government to know in advance and then segregate and retain only the BR metadata specifically relevant to the identified lawsuits.” Id. Of course, questions of relevance are ultimately matters for the courts entertaining the civil litigation to resolve. But the government now requests this Court to afford substantial weight to the purported interests of the civil litigants in retaining the BR metadata relative to the primary interests of the United States persons whose information the government seeks to retain. The government’s motion provides scant basis for doing so.

Shew. Given the way FISC has been defining the word “relevant” since 2004 to mean “virtually all,” I had thought the word had become utterly meaningless.

At least we know the word “relevant” has some limits at FISC, even if they’re unbelievably broad.

Mind you, I’m not sure whether FISC or the government is right in this case, as I do have concerns about the data from the troubled period during 2009 aging off.

But I will at least take some Friday afternoon amusement that the FISC just scolded the government about the word “relevant.”

NSA’s Bid for a 6 Month Delay in Protecting Larry Klayman’s Phone Records

The White House has announced they’re going to release the recommendations of the Committee to Make You Love the Dragnet today. Given that the report recommends putting the dragnet into someone else’s hands, I suspect the White House changed plans (It was going to release the report in mid-January) as a way to stave off the Klayman and other suits.

Given that we expect that recommendation — and that the government claims it’d take years to effect — I want to point to a claim that NSA Director of Signals Intelligence Division Theresa Shea made in her declaration in the Klayman suit. She claimed it would be an onerous process to take Larry Klayman’s call records out of the dragnet.

Beyond harming national security and the Government’s counterterrorism capabilities, plaintiffs’ proposed preliminary injunction would seriously burden the Government. While plaintiffs seek an order barring the Government from collecting metadata reflecting their calls, the Government does not know plaintiffs’ phone numbers, and would need plaintiffs to identify all numbers they use to even attempt to implement such an injunction. Ironically, as explained above, these numbers are not currently visible to NSA intelligence analysts unless they are within a three hopes of a call chain of a number that based on RAS is associated with a foreign terrorist organization.

Even if plaintiffs’ phone numbers were available, extraordinarily burdensome technical and logistical hurdles to compliance with a preliminary injunction order would remain. Technical experts would have to develop a solution such as removing the numbers from the system upon receipt of each batch of metadata or developing a capability whereby plaintiffs’ numbers would be received by NSA but would not be visible in response to an authorized query. To identify, design, build, and test the best implementation solution would potentially require the creation of new full-time positions and could take six months or more to implement. Once implemented, any potential solution could undermine the results of any authorized query of a phone number that based on RAS is associated with one of the identified foreign terrorist organizations by eliminating, or cutting off potential call chains. If this Court were to grant a preliminary injunction and the defendants were to later prevail on the merits of this litigation, it could prove extremely difficult to develop a solution to reinsert any quarantined records and would likely take considerable resources and several months to build, test, and implement a reinsertion capability suited to this task.

Judge Richard Leon treated this complaint as the obvious bullpuckey it clearly is.

[T]he Government says that it will be burdensome to comply with any order that requires the NSA to remove plaintiffs from its database. Of course, the public has no interest in saving the Government from the budens of complying with the Constitution! Then, the Government frets such an order “could ultimately have a degrading effect on the utility of the program if an injunction in this case precipitated successful requests for such relief by other litigants.” For reasons already explained, I am not convinced at this point in the litigation that the NSA’s database has ever truly served the purpose of rapidly identifying terrorists in time-sensitive investigations, and so I am certainly not convinced that the removal of two individuals from the database will “degrade” the program in any meaningful sense.68

[snip]

In [staying my order to destroy the plaintiffs’ metadata] I hereby give the Government fair notice that should my ruling be upheld, this order will go into effect forthwith. Accordingly, I fully expect that during the appellate process, which will consume at least the next six months, the Government will take whatever steps necessary to prepare itself to comply with this order when, and if, it is upheld. Suffice it to say, requesting further time to comply with this order months from now will not be well received and could result in collateral sanctions.

68 To the extent that removing plaintiffs from the database would create the risk of “eliminating, or cutting off potential call chains,” the Government concedes that the odds of this happening are miniscule. (“[O]nly a tiny fraction of the collected metadata is ever reviewed . . . .”) (“Only the tiny fraction of the telephony metadata records that are responsive to queries authorized under the RAS standard are extracted, reviewed, or disseminated. . . . “). [citations removed]

But the plea for time– when it’s crystal clear NSA could start treating Larry Klayman’s data like a high volume number they intentionally defeat on intake tomorrow — made me wonder what purpose this complaint was really meant to serve, especially given James Cole’s refusal the other day to answer whether the Leahy-Sensenbrenner bill would eliminate bulk collection, which Jennifer Granick likens to a coup.

Responding to a question at yesterday’s hearing on the bill, Cole said, “Right now the interpretation of the word ‘relevant’ is a broad interpretation. Adding ‘pertinent to a foreign agent’ or ‘somebody in contact with a foreign agent’ could be another way of talking about relevance as it is right now. We’d have to see how broadly the court interprets that or how narrowly.”  In other words, the FISA court might let us keep doing what we’re doing no matter what the law says and despite Congress’ intent.

All courts issue opinions about what the laws that legislatures pass mean. These opinions are called the “common law”. But common law interpretations of statutes are only legitimate if they are fair and reasonable interpretations.

The NSA has a great track record getting FISC judges to interpret even obviously narrow phrases in surprisingly broad ways.

[snip]

Time and again, the FISC accepts the Administration’s shockingly flimsy arguments. As a set, the few public FISC opinions we’ve seen suggest that the Executive Branch—in cahoots with a few selected judges—has replaced legitimate public statutes with secret, illegitimate common law.

The rule of law is a basic democratic principle meaning that all members of a society—individuals, organizations, and government officials—must obey publicly disclosed legal codes and processes. If Cole is right that, try as it might, Congress cannot end bulk collection because the secret FISA court may defer to the NSA’s interpretation of the rules, there is no rule of law.  The NSA is in charge, the FISA court process is just a fig leaf, and this is no longer a democracy. There’s been a coup d’etat.

But it appears that not even the FISC judges are always in on the game. After all, at the moment when Judges Walton and Bates started reining in the Internet dragnet in the US, NSA started rolling out an expanded Internet dragnet program — which made it easier to pick up US person data and presumably easier to disseminate it — overseas. With that 6 month delay, would NSA just be figuring out how to maintain the dragnet function, but beyond the reach of meddling judges like Richard Leon?

The NSA suggested it would need 6 months notice to take just two people out of the dragnet. I can imagine no feasible technical reason that’s true.

So why were they implying they’d need that 6 months?

The Pre-Dragnet Cold War Contact Chaining

I’m still working through some things from Judge Richard Leon’s injunction against the phone dragnet.

But for the moment I wanted to point to something the government claimed in the FBI’s declaration in the case, by Acting Assistant Director Robert Holley. He says,

For decades reaching back to the Cold-War era, the FBI has relied on contact chaining as a method of detecting foreign espionage networks and operatives, both in the United States and abroad, and disrupting their plans.

The language here seems somewhat forced. “Decades reaching back to the Cold War-era” might only mean 1988.

Moreover, the fact that FBI claims they’ve been doing this for “decades” suggests they’ve been doing it for decades before they put together the phone dragnet, even decades before they required telecoms to keep phone records for 18 months.

Doesn’t that mean it’s possible to do successfully without the dragnet and without 5 years of data?

If the technique, absent the dragnet, was effective against the Soviet Union, why do we need a dragnet against a less powerful adversary now?

That Pirate May Be the Missing Link We Should Drone Kill

As I mocked last night, 60 Minutes decided to use pirate data collected under EO 12333 to demonstrate how it conducts call chaining on US citizen data collected under Section 215. But the exchange is rather interesting for the way the NSA analyst, Stephen Benitez, describes finding a potentially key player in a network of pirates.

Metadata has become one of the most important tools in the NSA’s arsenal. Metadata is the digital information on the number dialed, the time and date, and the frequency of the calls.  We wanted to see how metadata was used at the NSA.  Analyst Stephen Benitez showed us a technique known as “call chaining” used to develop targets for electronic surveillance in a pirate network based in Somalia.

Stephen Benitez: As you see here, I’m only allowed to chain on anything that I’ve been trained on and that I have access to. Add our known pirate. And we chain him out.

John Miller: Chain him out, for the audience, means what?

Stephen Benitez: People he’s been in contact to for those 18 days.

Stephen Benitez: One that stands out to me first would be this one here. He’s communicated with our target 12 times.

Stephen Benitez: Now we’re looking at Target B’s contacts.

John Miller: So he’s talking to three or four known pirates?

Stephen Benitez: Correct. These three here. We have direct connection to both Target A and Target B. So we’ll look at him, too, we’ll chain him out. And you see, he’s in communication with lots of known pirates. He might be the missing link that tells us everything. [my emphasis]

Compare the language Benitez uses here with that which Gregory McNeal used to describe drone targeting back in February.

Networked based analysis looks at terrorist groups as nodes connected by links, and assesses how components of that terrorist network operate together and independently of one another.  Those nodes and links, once identified will be targeted with the goal of disrupting and degrading their functionality.  To effectively pursue a network based approach, bureaucrats rely in part on what is known as “pattern of life analysis” which involves connecting the relationships between places and people by tracking their patterns of life. This analysis draws on the interrelationships among groups “to determine the degree and points of their interdependence.” It assesses how activities are linked and looks to “determine the most effective way to influence or affect the enemy system.”

[snip]

Viewing targeting in this way demonstrates how seemingly low level individuals such as couriers and other “middle-men” in decentralized networks such as al Qaeda are oftentimes critical to the successful functioning of the enemy organization. Targeting these individuals can “destabilize clandestine networks by compromising large sections of the organization, distancing operatives from direct guidance, and impeding organizational communication and function.” Moreover, because clandestine networks rely on social relationships to manage the trade-off between maintaining secrecy and security, attacking key nodes can have a detrimental impact on the enemy’s ability to conduct their operations. [my emphasis]

That is, the language describing the process behind signature strikes closely matches the language describing NSA’s targeting for wiretapping. Both these analyses are doing the same thing: trying to find the key nodes in networks of people (though the drone targeting appears to draw in additional intelligence about someone’s observed actions and locations).

Now, as I said, when Benitez used the word “target,” he was presumably discussing only targeting for surveillance, not for drone killing (besides, thus far we haven’t drone killed any pirates I know of).

But it is very easy to see what kind of role metadata analysis would play in the early stages of targeting a signature strike, because that’s precisely how the intelligence community identify the nodes that, McNeal tells us, they’re often targeting when they conduct signature strikes. Wiretap the person at that node and you may learn a lot (that’s also probably the same kind of targeting they do to select potential informants, as we know they do with metadata), kill that person and you may damage the operational capabilities of a terrorist (or pirate) organization.

When the WaPo reported on NSA’s role in drone killing, it focused on how NSA collected content associated with a known target — Hassan Ghul — to pinpoint his location for drone targeting.

But NSA probably plays a role in the far more controversial targeting of people we don’t know for death, with precisely the kind of contact chaining it uses on US persons.

Note, in related news, Richard Leon has just ruled for Larry Klayman in one of the first suits challenging the phone dragnet (with the injunction stayed pending appeal). I’ll have analysis on that later.