Posts

The Phone Dragnet Adopted “Selection Term” by 2013

As I laid out last week, I’m not convinced the term “specific selection term” is sufficiently narrowly defined to impose adequate limits to the “reformed” Section 215 (and NSL and PRTT) programs. Here’s how the House defined it:

SPECIFIC SELECTION TERM.—The term ‘specific selection term’ means a term used to uniquely describe a person, entity, or account.

That said, as I also noted, the motion to amend January’s primary order used the term to refer to the query term, which may suggest my concerns are unfounded.

I’ve looked further, and the amendment’s use of the term was not new in the phone dragnet.

In fact, the phrase used to refer to the query subject changed over the course of the dragnet. The first Primary Order authorized the search on “particular known phone numbers.” That usage continued until 2008, when Primary Order BR 08-08 introduced the term “particular known identifier.” A completely redacted footnote seems to have defined the term (and always has). Significantly, that was the first Primary Order after an August 20, 2008 opinion authorized some “specific intelligence method in the conduct of queries (term “searches”) of telephony metadata or call detail records obtained pursuant to the FISC’s orders under the BR FISA program.” I think it highly likely that opinion authorized the use of correlations between different identifiers believed to be associated with the same person. 

The September 3, 2009 Primary Order — the first one resuming some normality after the problems identified in 2009 — references a description of identifier in a declaration. And the redaction provides hints that the footnote describing the term lists several things that are included (though the footnote appears to be roughly the same size as others describing identifier).

Identifier Footnote

 

The Primary Orders revert back to the same footnote in all the orders that have been released (the government is still withholding 3 known Primary Orders from 2009). And that continued until at least June 22, 2011, the last Primary Order covered by the ACLU and EFF FOIAs.

But then in the first Primary Order after the 2011-2012 break (and all Primary Orders since), the language changes to “selection term,” which like its predecessor has a footnote apparently explaining the term — though the footnote is twice as long. Here’s what it looks like in the April 25, 2013 Primary Order:

Selection Term Footnote

 

The change in language is made not just to the subject of queries. There’s a paragraph in Primary Orders approving the use of individual FISA warrant targets for querying (see this post for an explanation) that reads,

[Identifiers/selection terms] that are currently the subject of electronic surveillance authorized by the Foreign Intelligence Surveillance Court (FISC) based on the FISC’s finding of probable cause to believe that they are used by agents of [redacted] including those used by U.S. persons, may be deemed approved for querying for the period of FISC-authorized electronic surveillance without review and approval by a designated approving official.

The change appears there too. That’s significant because it suggests a use that would be tied to targets about whom much more would be known, and in usages that would be primarily email addresses or other Internet identifiers, rather than just phone-based ones. I think that reflects a broader notion of correlation (and undermines the claim that a selection term is “unique,” as  it would tie the use of an identity authorized for Internet surveillance to a telephone metadata identifier used to query the dragnet).

Finally, the timing. While the big gap in released Primary Orders prevents us from figuring out when the NSA changed from “identifier” to “selection term,” it happened during the same time period when the automated query process was approved.

This may all seem like a really minor nit to pick.

But even after the language was changed to “selection term” on Primary Orders, top intelligence officials continued to use the term “identifier” to describe the process (see the PCLOB hearing on Section 215, for example). The common usage, it seems, remains “identifier,” though there must be some legal reason the NSA and DOJ use “selection term” with the FISC.

It also means there’s some meaning for selection term the FISA Court has already bought off on. It’s a description that takes 15 lines to explain, one the government maintains is still classified.

And we’re building an entire bill off a vague 17-word definition without first learning what that 15-line description entails.

 

EFF to Reggie Walton: Stuart Delery and John Carlin Are Still Materially Misleading FISA Court

In my latest post in DOJ’s apparent effort to destroy evidence pertinent to EFF’s several lawsuits in Northern District of CA, I noted that even after being ordered to explain their earlier material misstatements to the FISA Court, Assistant Attorneys General John Carlin and Stuart Delery left a lot of key details unsaid. Significantly, they did not describe the full extent of the evidence supporting EFF’s claims in the dispute (and therefore showing DOJ’s actions to be unreasonable).

Notwithstanding a past comment about preservation orders in the matters before Judge Walton, the government claims EFF’s suits are unrelated to the phone dragnet.

[T]he Government has always understood [EFF’s suits] to be limited to certain presidentially authorized intelligence collection activities outside FISA, the Government did not identify those lawsuits, nor the preservation order issued therein, in its Motion for the Second Amendment to Primary Order filed in the above-captioned Docket number on February 25, 2014. For the same reasons, the Government did not notify this Court of its receipt of plaintiffs’ counsel’s February 26, 2014, e-mail.

Note, to sustain this claim, the government withheld both the state secrets declarations that clearly invoke the FISC-authorized dragnets as part of the litigation, even though the government’s protection order invokes it repeatedly, as well as Vaughn Walker’s preservation order which is broader than DOJ’s own preservation plan. Thus, they don’t give Walton the things he needs to be able to assess whether DOJ’s actions in this matter were remotely reasonable.

Apparently, EFF agrees. EFF Legal Director Cindy Cohn wrote AAGs Stuart Delery and John Carlin to complain that they hadn’t referenced the evidence submitted by EFF to support its claims.

[W]e were dismayed to see that the government’s response to the FISC on pages 3-5 repeated its own arguments (plus new ones) about the scope of the Jewel complaint without referencing, much less presenting, plaintiffs’ counter-arguments. As you know, especially in our reply papers (doc. 196) in support of the TRO, plaintiffs presented significant argument and evidence that contradicts the government’s statement to the FISC that plaintiffs only “recently-expressed views” (pages 2, 7) regarding the scope of the preservation orders. They also also undermines [sic] the few paragraphs of the Jewel Complaint and some other documents that the government has cherry-picked to support its argument.

In addition, Cohn complains that the government has left the impression this dispute pertains solely to phone records.

[W]e are concerned that the FISC has not been put on notice that the scope of the dispute about the preservation order in Jewel (or at least the scope of the plaintiffs’ view of the preservation order) reaches beyond telephone records into the Internet content and metadata gathered from the fiberoptic cables of AT&T. This is especially concerning because the FISC may have required (or allowed) destruction of some of that evidence without the knowledge that it was doing so despite the existence of a preservation order covering that information issued by the Northern District of California.

Cohn’s invocation of Internet data is particularly important as it raises the second of two known illegal practices (the other being watchlisting US persons in the phone dragnet without the legally required First Amendment review) the data for which would be aging off now or in the near future: the collection of Internet content in the guise of metadata. I believe the Internet dragnet continued until October 30, 2009, so if they were aging off data for the 6 months in advance, might be aged off in the next week or so.

I’m really curious whether this spat is going to be resolved before Reggie Walton finishes his service on FISC on May 19.

But one thing is certain: it’s a lot more fun to watch the FISC docket when ex parte status starts to break down.

DOJ Says You Can’t Know If They’ve Used the Dragnet Against You … But FISC Says They’re Wrong

As I noted the other day in yet another post showing why investigations into intelligence failures leading up to the Boston Marathon attack must include NSA, the government outright refuses to tell Dzhokhar Tsarnaev whether it will introduce evidence obtained using Section 215 at trial.

Tsarnaev’s further request that this Court order the government to provide notice of its intent to use information regarding the “. . . collection and examination of telephone and computer records pursuant to Section 215 . . .” that he speculates was obtained pursuant to FISA should also be rejected. Section 215 of Pub. L. 107-56, conventionally known as the USA PATRIOT Act of 2001, is codified in 50 U.S.C. § 1861, and controls the acquisition of certain business records by the government for foreign intelligence and international terrorism investigations. It does not contain a provision that requires notice to a defendant of the use of information obtained pursuant to that section or derived therefrom. Nor do the notice provisions of 50 U.S.C. §§ 1806(c), 1825(d), and 1881e apply to 50 U.S.C § 1861. Therefore, even assuming for the sake of argument that the government possesses such evidence and intends to use it at trial, Tsarnaev is not entitled to receive the notice he requests.

This should concern every American whose call records are likely to be in that database, because the government can derive prosecutions — which may not even directly relate to terrorism — using the digital stop-and-frisk standard used in the dragnet, and never tell you they did so.

Note, too, Dzhokhar’s lawyers are  not just asking for phone records, but also computer records collected using Section 215, something Zoe Lofgren has made clear can be obtained under the provision.

And in the case in which Dzhokhar’s college buddies are accused of trying to hide his computer and some firecracker explosives, prosecutors profess to be unable to provide any of the text messages Dzhokhar sent after his last text to them. That stance seems to pretend they couldn’t get at least the metadata from those texts from the phone dragnet.

The government, then, claims that defendants can’t have access to data collected using Section 215. They base that claim on the absence of any language in the Section 215 statute, akin to that found in FISA content collection statutes, providing for formal notice to defendants.

But at least in the case of the phone dragnet, that stance appears to put them in violation of the dragnet minimization procedures. That’s because since at least September 3, 2009 and continuing through the last dragnet order released (note, ODNI seems to be taking their time on releasing the March 28 order),  the minimization procedures have explicitly provided a way to make the query results available for discovery. Here’s the language from 2009.

Notwithstanding the above requirements, NSA may share information derived from the BR metadata, including U.S. person identifying information, with Executive Branch personnel in order to enable them to determine whether the information contains exculpatory or impeachment information or is otherwise discoverable in legal proceedings.

The government routinely points to these very same minimization procedures to explain why it can’t provide information to Congress or other entities. But if the minimization procedures trump other statutes to justify withholding information, surely they must have the weight of law for disclosure to criminal defendants. And all that’s before you consider the Brady and Constitutional reasons that should trump the government’s interpretation as well.

Using the formulation the government always uses when making claims about the dragnet’s legality, on at least 21 occasions, FISC judges have envisioned discovery to be part of the minimization procedures with which the government must comply. At least 7 judges have premised their approval of the dragnet, in part, on the possibility exculpatory information may be shared in discovery.

Now, there is a limit to the discovery envisioned by these 21 FISA orders; this discovery language, in the most recently published order, reads:

Notwithstanding the above requirements, NSA may share results from intelligence analysis queries of the BR metadata, including U.S. person identifying information, with Executive Branch personnel (1) in order to enable them to determine whether the information contains exculpatory or impeachment information or is otherwise discoverable in legal proceedings …

That is, this discovery language only includes the “results from intelligence analysis queries.” It doesn’t permit new queries of the entire database, a point the government makes over and over. But in the case of the Marathon bombing, we know the queries have been run, because Executive Branch officials have been bragging about the queries they did after the bombing that gave them “peace of mind.”

Those query results are there, and the FISC judges explicitly envisioned the queries to be discoverable. And yet the government, in defiance of the minimization procedures they claim are sacred, refuse to comply.

Turns Out the NSA “May” Destroy Evidence of Crimes before 5 Years Elapse

The metadata collected under this order may be kept online (that is, accessible for queries by cleared analysts) for five years, at which point it shall be destroyed. — Phone dragnet order, December 12, 2008

The Government “takes its preservation obligations with the utmost seriousness,” said a filing signed by Assistant Attorneys General John Carlin and Stuart Delery submitted Thursday in response to Presiding FISA Court Judge Reggie Walton’s accusation they had made material misstatements to him regarding the question of destroying phone dragnet data.

Recognizing that data collected pursuant to the Section 215 program could be potentially relevant to, and subject to preservation obligations in, a number of cases challenging the legality of the program, including First Unitarian Church of Los Angeles  v. NSA,

… Signals Intelligence Division Director Theresa Shea wrote in her March 17 declaration (starting at page 81) explaining what the government has actually done to protect data under those suits.

At which point Shea proceeded to admit that the government hadn’t been preserving the data they recognized was potentially relevant to the suits at hand.

… since the inception of the FISC-authorized bulk telephony metadata program in 2006, the FISC’s orders authorizing the bulk collection of telephony metadata under FISA Section 501 (known also as the Section 215 program) require that metadata obtained by the NSA under this authority be destroyed no later than five years after their collection. In 2011, the NSA began compliance with this requirement (when the first metadata collected under the FISC authority was ready to be aged off) and continued to comply with it until this Court’s March 10 order and the subsequent March 12, 2014 order of the FISC.

Thursday’s filing added to that clarity, not only saying so in a footnote, but then submitting another filing to make sure the footnote was crystal clear.

Footnote 6 on page 5 was intended to convey that “[c]onsistent with the Government’s understanding of these orders in Jewel and Shubert, prior to the filing of the Government’s Motion for Second Amendment to Primary Order, the Government complied with this Court’s requirements that metadata obtained by the NSA under Section 215 authority be destroyed no later than five years after their collection.”

The significance seems clear. The Government admits it could potentially have a preservation obligation from the filing of the first Section 215 suit, Klayman v. Obama, on June 6, 2013. But nevertheless, it destroyed data for 9 months during which it recognized it could potentially have a preservation obligation.  That means data through at least March 9, 2009 and perhaps as late as September 10, 2009 may already be destroyed, assuming reports of biannual purging is correct. Which would perhaps not coincidentally cover almost all of the phone dragnet violations discovered over the course of 2009. It would also cover all, or almost all, of the period (probably)  NSA did not have adequate means of identifying the source of its data (meaning that Section 215 data may have gotten treated with the lesser protections of EO 12333 data).

And the amount of data may be greater, given that NSA now describes in its 5 year age-off requirement no affirmative  obligation to keep data five years.

This all means the government apparently has already destroyed data that might be implicated in the scenario Judge Jeffrey White (hypothetically) raised in a hearing on March 19, in which he imagined practices of graver Constitutional concern than the program as it currently operates five years ago.

THE COURT: Well, what if the NSA was doing something, say, five years ago that was broader in scope, and more problematical from the constitutional perspective, and those documents are now aged out? And — because now under the FISC or the orders of the FISC Court, the activities of the NSA have — I mean, again, this is all hypothetical — have narrowed. And wouldn’t the Government — wouldn’t the plaintiffs then be deprived of that evidence, if it existed, of a broader, maybe more constitutionally problematic evidence, if you will?

MR. GILLIGAN: There — we submit a twofold answer to that, Your Honor.

We submit that there are documents that — and this goes to Your Honor’s Question 5B, perhaps. There are documents that could shed light on the Plaintiffs’ standing, whether we’ve actually collected information about their communications, even in the absence of those data.

As far as — as Your Honor’s hypothetical goes, it’s a question that I am very hesitant to discuss on the public record; but I can say if this is something that the Court wishes to explore, we could we could make a further classified ex parte submission to Your Honor on that point.

According to the NSA’s own admissions, until just over 5 years ago, the NSA was watchlisting as many as 3,000 Americans without doing the requisite First Amendment review required by law. And that evidence — and potentially the derivative queries that arose from it — is apparently now gone.

Which puts a new spin on the narratives offered in the press about DOJ’s delay in deciding what to do with this evidence. WSJ described the semiannual age-off and suggested the issue with destroying evidence might pertain to standing.

As the NSA program currently works, the database holds about five years of data, according to officials and some declassified court opinions. About twice a year, any call record more than five years old is purged from the system, officials said.

A particular concern, according to one official, is that the older records may give certain parties legal standing to pursue their cases, and that deleting the data could erase evidence that the phone records of those individuals or groups were swept up in the data dragnet.

FP’s sources suggested DOJ was running up against that semiannual deadline.

A U.S. official familiar with the legal process said the question about what to do with the phone records needn’t have been handled at practically the last minute. “The government was coming up on a five-year deadline to delete the data. Lawsuits were pending. The Justice Department could have approached the FISC months ago to resolve this,” the official said, referring to the Foreign Intelligence Surveillance Court.

There should be no February to March deadline. Assuming the semiannual age-off were timed to March 1, there should have already been a September 1 deadline, at which point NSA presumably would have destroyed everything moving forward to March 1, 2009.

Which may mean NSA and DOJ put it off to permit some interim age-off, all the out of control violations from 2009.

We shall see. EFF and DOJ will still litigate this going forward. But as I look more closely at the timing of all this, DOJ’s very belated effort to attempt to preserve data in February seems to have served, instead, to put off dealing with preservation orders until the most potentially damning data got destroyed.

All of this is separate from the dispute over whether DOJ violated the preservation order in Jewel, and that case may be coming up on the 5 year destruction of the last violative Internet metadata, which might be aged off by April 30 (based on the assumption the Internet dragnet got shut down on October 30, 2009).

But even for he more narrow question of the phone dragnet, for which the government admits it may have data retention obligations, the government seems to have already violated those obligations and, in the process, destroyed some of the most damning data about the program. 

Chronicle of the Phone Dragnet

  1. Howard, Malcolm BR 06-05 (5/24/06)
    • One group (al Qaeda) originally approved, a second (or more) added via amendment in August 2006)
    • Footnote 1 asserting most calls domestic to domestic (redacted thereafter)
    • Probably just 2 providers (plural custodians, but short redaction)
    • Includes compensation paragraph dropped with third order
    • Footnote 2: 2 numbers per day
    • Only 7 people authorized to sign off on RAS: Signals Intelligence Directorate Program Manager for Counterterrorism Special Projects; the Chief or Deputy Chief, Counterterrorism Advanced Analysis Division; or one of the four specially authorized Counterterrorism Advanced Analysis Shift Coordinators in the Analysis and Production Directorate of the Signals Intelligence Directorate
    • Classification mark redacted
  2. Howard, Malcolm BR 06-08 (8/18/06)
    • Begin large footnote modifying names of (now 2) organizations cleared for RAS
    • 8 authorizers (plus addition of “production” to SID Program Manager), addition 5th CT Shift Coordinator
    • Add language approving RAS for FISA targets
    • Classification based on application; declassification of President
    • 2 (4 pages and 15 pages) Orders of unknown subject (10/31/06)
  3. Scullin, Frederick, BR 06-12 (11/15/06)
    • Compensation paragraph dropped
    • Footnote 2 changed to 3 numbers a day
    • Mandate review every 90 days
    • Add at least 2 spot checks every 90 days
    • Congressional notification regarding implementation of Section 215 authority (1/25/07)
    • 43 total BR orders in 2006
  4. Broomfield, Robert, BR 07-04 (2/02/07)
    • Add exception to FISC authorization for RAS for FISA docket 06-2081
    • Internal Executive Branch email message and attached document regarding implementation of Section 215 authority (3/9/07)
  5. Gorton, Nathaniel, BR 07-10 (5/03/07)
  6. Gorton, Nathaniel, BR 07-14 (7/23/07)
    • Replace docket 06-2081 exception to FISA language w/docket 07-449 [see also]
  7. Vinson, Roger, BR 07-16 (10/18/07)
  8. Howard, Malcolm, BR 08-01 (1/4/08?)
    • Footnote 5 notes that “for analytical efficiency” “a copy of data” from phone dragnet data will be stored on same server as [EO 12333 and foreign collected] data
    • Move spot check language to FISC l
    • NSA management cancels monthly due diligence meetings (1/08)
    • DOJ IG Report on Section 215, including 2 classified sections that presumably include the dragnet (though only for 2006), as well as notice of failure to meet statute’s minimization requirement (3/08)
  9. Kollar-Kotelly, Colleen, BR 08-04 (4/3/08)
    • Approval for training new NSA analysts?
    • 31 newly trained NSA analysts query BR database using 2,373 identifiers without knowing they were doing so (4/08)
    • Internal memo addressed to NSD/OI officials including Matthew Olsen in anticipation of filing to FISC (6/6/08)
  10. Zagel, James, BR 08-07 (6/26/08)
    • NSA shifts the servers the reports are retained on (no word about the records themselves) (7/29/08)
    • Disabling of hyperlink allowing CIA, FBI, and NCTC to access BR metadata directly (Note, ETE report says this happened in “Summer 2008 timeframe”) (7/08)
    • Distribution of Data Integrity Analysts’ defeat list changes (probably expands) in some way (8/08)
    • NSA tells FISC about tool to find correlations (8/18/08)
  11. Zagel, James, BR 08-08 (9/19/08?)
    • AG Guidelines for Domestic FBI Operations (9/28/08)
    • Notice of April violations (10/17/08)
    • Start date for audit as part of E-2-E (11/1/08)
    • 27,090 identifiers allowed to be contact chained, as subsequently reported (11/2/08)
    • (12/1/08) BR 06-05 and 6 other docket orders first provided to Congressional oversight committees
    • Start date for 2 analysts doing 280 queries using non-RAS identifiers (12/10/08)
  12. Walton, Reggie, BR 08-13 (12/11/08)
    • Begin requirement of consultation w/DOJ
    • Supplemental opinion assess legality under 2702/2703 (12/12/08)
    • Notice on “alert” violation; 1,935 of 17,835 identifiers RAS approved (1/15/09)
    • End date for 2 analysts making 280 queries for non-RAS identifiers (1/23/09)
    • Notice of violation on 280 non-RAS queries (1/26/09)
    • Order for more information regarding 1/15/09 notice on “alert” violation (1/28/09)
    • Supplemental notice about failed attempt to kluge the automatic notice (2/3/09)
    • Memo providing more info on violations (2/12/09)
    • Notice of violation on query tool (2/26/09)
    • Notice of domestic identifiers being queried w/o RAS review (3/4/09)
    • 13 total BR orders in 2008
  13. Walton, Reggie, BR 09-01 (3/5/09)
    • Notice that “data integrity” analysts sharing non user emails beyond BR cleared analysts (5/8/09)
  14. Walton, Reggie, BR 09-06 (5/29/09)
    • Secondary order to provider (Verizon?) excludes foreign-to-foreign data
    • Supplemental order (both dockets) on sharing outside of NSA (5/29/09)
    • Notification of chaining on correlated numbers (6/15/09)
    • Notification of access by CIA, FBI, NCTC (6/16/09)
    • Supplemental order in both dragnets (6/22/09) [See PR/TT version]
    • End-to-End report (6/25/09)
    • Notification that NSA following USSID 18 instead of minimization procedures (6/26/09)
    • Notification of unminimized results shared with unidentified recipient (GCHQ?) (6/29/09)
    • End-to–End report shared with FISC (7/2/09)
  15. Walton, Reggie (?) BR 09-09 (7/8/09) [see also]
    • New group approved via primary order pp. 5-7
    • Order specifically mentions NSA failure to follow BR-specific minimization procedures
    • Order requires briefing on legal requirements of dragnet (10)
    • Order requires consultation with DOJ, including on automated queries (14)
    • Requires explanation why NSA disseminated out of NSA, can’t remove credit card info (16-17)
    • Order requires weekly reports
    • Approval for data integrity analysts’ use of non-user specific identifiers
    • 4 new roles approved to approve disseminations
    • Notice of ability to obtain fourth hop contact number (8/4/09)
    • Submission with E-2-E (8/19/09)
  16. Walton, Reggie, BR 09-13 (9/3/09)
    • Order regarding new dissemination violations (9/25/09)
    • Briefing materials for FISC regarding implementation of Section 215 authority (9/18/09)
  17. Walton, Reggie (?) BR 09-15 (10/30/09) [See also]
    • Supplemental opinion on historical queries and dissemination (11/05/09)
    • Briefing materials for government personnel pertaining to implementation of Section 215 authority (11/18/09)
  18. Walton, Reggie (?) BR 09-19 [see also]
  19. Walton, Reggie, BR 10-10 (2/26/10)
  20. Walton, Reggie, BR 10-17 (5/14/10)
  21. Walton, Reggie, BR 10-49 (8/04/10)
  22. Walton, Reggie, BR 10-70 (10/29/10)
  23. Bates, John, BR, 11-07 (1/20/11)
  24. Feldman, Martin, BR 11-57 (4/13/11)
  25. Bates, John, BR 11-107 (6/22/11)
  26. ~9/20/11?
  27. BR-11-191 12/11? [see also]
  28. ~1/29/12?
  29. ~4/29/12?
  30. ~7/28/12?
  31. ~10/26/12?
  32. ~1/25/13?
  33. Vinson, Roger, BR 13-80, (4/25/13)
  34. Eagan, Claire, BR 13-109, (7/18/13)
  35. McLaughlin, Mary, BR 13-158 (10/11/13)
  36. Hogan, Thomas, BR 14-01 (1/3/14)
    • Congress can access database to perform oversight
    • Supplement gives FISC review over RAS and limits to 2 hops (2/5/14)
    • Order denying motion to preserve data (3/7/14)
    • Order approving preservation of data (3/12/14)
    • Order requiring explanation for material misstatement regarding preservation orders (3/21/14)
  37. ? (3/28/14)

Why Did 3 Top DOJ Officials Feed Their Dog DOJ’s Homework?

DOJ has submitted what it claims is an explanation for why it materially misstated facts to Reggie Walton in discussions about destroying phone dragnet data. (See this post and this post for background.)

As you recall, Walton had read EFF’s emails closely enough to realize that EFF had asked Civil Division lawyers why they had claimed there was no protection order when they believed they had one.

A review of the E-mail Correspondence indicates that as early as February 26, 2014, the day after the government filed its February 25 Motion, the plaintiffs in Jewel and First Unitarian indeed sought to clarify why the preservation orders in Jewel and Shubert were not referenced in that motion. E-mail Correspondence at 6-7. The Court’s review of the E-mail Correspondence suggests that the DOJ attorneys may have perceived the preservation orders in Jewel and Shubert to be immaterial to the February 25 Motion because the metadata at issue in those cases was collected under what DOJ referred to as the “President’s Surveillance Program” (i.e., collection pursuant to executive authority), as opposed to having been collected under Section 215 pursuant to FISC orders — a proposition with which plaintiffs’ counsel disagreed. Id at 4. As this Court noted in the March 12 Order and Opinion, it is ultimately up to the Northern District of California, rather than the FISC, to determine what BR metadata is relevant to the litigation pending before the court.

As the government is well aware, it has a heightened duty of candor to the Court in ex parte procedings. See MODEL RULES OF PROF’L CONDUCT R. 3.3(d) (2013). Regardless of the government’s perception of the materiality of the preservation orders in Jewel andShubert to its February 25 Motion, the government was on notice, as of February 26, 2014, that the plaintiffs in Jewel and First Unitarian believed that orders issued by the District Court for the Northern District of California required the preservation of the FISA telephony metadata at issue in the government’s February 25 Motion. E-mail Correspondence at 6-7. The fact that the plaintiffs had this understanding of the preservation orders–even if the government had a contrary understanding–was material to the FISC’s consideration of the February 25 Motion. The materiality of that fact is evidenced by the Court’s statement, based on the information provided by the government in the February 25 Motion, that “there is no indication that nay of the plaintiffs have sought discovery of this information or made any effort to have it preserved.” March 7 Opinion and Order at 8-9.

The government, upon learning this information, should have made the FISC aware of the preservation orders and of the plaintiffs’ understanding of their scopre, regardless of whether the plaintiffs had made a “specific request” that the FISC be so advised. Not only did the government fail to do so, but the E-mail Correspondence suggests that on February 28, 2014, the government sought to dissuade plaintiffs’ counsel from immediately raising this issue with the FISC or the Northern District of California. E-mail Correspondence at 5.

DOJ’s excuse for not telling Walton EFF believed they had a protection order is roughly as follows:

1. Notwithstanding a past comment about preservation orders in the matters before Judge Walton, the government claims EFF’s suits are unrelated to the phone dragnet.

[T]he Government has always understood [EFF’s suits] to be limited to certain presidentially authorized intelligence collection activities outside FISA, the Government did not identify those lawsuits, nor the preservation order issued therein, in its Motion for the Second Amendment to Primary Order filed in the above-captioned Docket number on February 25, 2014. For the same reasons, the Government did not notify this Court of its receipt of plaintiffs’ counsel’s February 26, 2014, e-mail.

Note, to sustain this claim, the government withheld both the state secrets declarations that clearly invoke the FISC-authorized dragnets as part of the litigation, even though the government’s protection order invokes it repeatedly, as well as Vaughn Walker’s preservation order which is broader than DOJ’s own preservation plan. Thus, they don’t give Walton the things he needs to be able to assess whether DOJ’s actions in this matter were remotely reasonable.

2. It explains that it never provided EFF with its own 2007 preservation plan (which did not meet the terms of Walker’s order) until March 17, 2014 because Stellar Wind — but not the FISC-authorized programs that the preservation plan excluded — was classified until December 2013.

A classified submission was necessary at that time [in 2007] because the existence of the presidentially-authorized program was classified and remained so until December 2013.

Note, it doesn’t mention that 19 days passed between the time EFF formally raised concerns about the protection order and the date DOJ actually provided the declassified protection plan to them, during which time, it appears, NSA destroyed one of the most damning half year’s worth of data in the program’s history (which I’ll return to in a later post).

3. In spite of EFF telling DOJ their earlier suits were relevant (and not having received the preservation plan which could have been declassified in December), DOJ claims they didn’t think they were relevant so it didn’t tell FISC about EFF’s beliefs.

Because the Government’s Motion for Second Amendment already had sought relief from this Court based on a list of BR metadata pursuant to FISC authorization, see Motion for Second Amendment at 3-5, counsel did not appreciate — even after receiving the email from plaintiffs’ counsel in Jewel — that it would be be important to notify this Court about Jewel and Shubert or the email from counsel for the Jewel plaintiffs about those cases with which the Government disagreed. Rather, counsel viewed any potential dispute about the scope of Jewel and Shubert preservation orders as a mater to be resolved, if possible, by the parties to those cases (though a potential unclassified explanation to plaintiffs’ counsel) or, failing that, by the district court.

Note what DOJ is not mentioning here? That EFF has a Section 215 lawsuit too, and that its understanding of the impact on that suit may have been influenced by the Shubert and Jewel protection orders.

4. DOJ’s Civil Division lawyers did not forward EFF’s email to DOJ’s National Security Division lawyers, they claim, because the Civil Division lawyers did not agree with EFF’s interpretation of the protection order.

For these reasons, counsel did not think to forward the email from Jewel Plaintiffs’ counsel to the attorneys with primary responsibility for interaction with this Court before the Court ruled on the Motion for Second Amendment. The Department wishes to assure the Court that it has always endeavored to maintain close coordination within the Department regarding civil litigation matters that involve proceedings before this Court, and will take even greater care to do so in the future.

5. DOJ told EFF to hold off formally alerting any Court in the belief that it could tell EFF about the preservation plan which could have been declassified in December but did not get declassified until 10 days after FISC issued its initial order requiring DOJ to destroy data, and that would solve everything.

In particular, the request in its February 28 email that counsel for the Jewel plaintiffs “forbear from filing anything with the FISC, or [the district court], until we have further opportunity to confer” was a good faith attempt to avoid unnecessary motions practice in the event that the issue could be worked out among the parties through the Government’s provision of an unclassified explanation concerning its preservation in Jewel and Shubert.

Read more

Newly-Released Dragnet Order Suggests Spike in 215 Orders May Include Financial Records

I Con the Record reissued less classified versions of two Section 215 orders: the March 2, 2009 one that sharply restricted the phone dragnet without much new declassified, and the June 22, 2009 one that dealt, in part, with FBI and CIA access to the data in both the Internet and phone dragnet, showing both those parts unclassified in the same order (previously the government had released two separate versions — phone, Internet — with different things declassified).

The only new document was a November 23, 2010 order, modeled closely on a December 12, 2008 one. The earlier one had judged that the Stored Communication Act’s limits on collection did not preclude the use of Section 215 to collect phone records. This one judged that the Right to Financial Privacy Act did not preclude the use of Section 215 to collect financial records. Both opinions basically find that because those laws permit the use of National Security Letters to obtain such records without judicial review, clearly it’s okay to obtain the same records with judicial review under Section 215.

Of course, we know that in the phone context — and so presumably also in the financial records context — the use of Section 215 also entailed bulk, potentially comprehensive collection. While some bulk collection occurred under NSLs, especially for phone records (we know that because that’s the only category of NSL that doesn’t get accounted individually in public records), and while we assume bulk collection occurred under Bush’s illegal program via other means, moving a new kind of record under Section 215 may represent the institutionalization of bulk collections of another type of document.

Aside from revealing that this order pertained to financial records, we don’t know much about the underlying order. The order says the records were provided to the FBI (though WSJ and NYT reported CIA used Section 215 to get money order records). It uses “financial records” in scare quotes, so it is possible it is something beyond just bank records. And the fact that it was stamped by John Bates (then the presiding judge) suggests it may have been regarded as rather significant.

All that said, this opinion doesn’t necessarily mark November 2010 as the date the government started using Section 215 to collect (presumably bulk) financial records. After all, the government collected phone records for over 2 years before answering the seemingly obvious question of whether doing so violated other laws. I suspect they did so in 2008 in response to questions then DOJ Inspector General Glenn Fine kept raising about Section 215. And it is perhaps instructive that Fine was, in November 2010, working on a new Section 215 review, one that has since been delayed, in part by ODNI and DOJ refusal to declassify a number of documents, for 1,371 days.

Perhaps it’s just a remarkable coinkydink, but Fine resigned 6 days after this FISC ruling was issued.

Two more details about this. First, as I have shown, DOJ appears to have been hiding details about Section 215 from Congress during this period, though the only financial records they would have been obliged to disclose were tax records.

In addition, the number Section 215 orders started going up drastically in 2010, along with the number of orders the FISC modified to require minimization procedures.

Nevertheless, the reports show us two new things.

Screen shot 2013-11-22 at 8.52.29 AM

First, while we knew the number of modifications has gone up significantly in the last three years (we now know that many of the modifications in 2009 had to do with phone dragnet violations), the latest reports ODNI released say this:

The FISC modified the proposed orders submitted with forty-three such applications in 2010 (primarily requiring the Government to submit reports describing implementation of applicable minimization procedures).

The FISC modified the proposed orders submitted with 176 such applications in 2011 (requiring the Government to submit reports describing implementation of applicable minimization procedures).

I’ve suggested that 176 modified applications may suggest the government has as many as 44 bulk collection programs, which would be renewed every three months  (or, alternately, a whole lot more specific bulk collection orders).

That is, this rise in what are almost certainly bulk collection orders came around the same time as FISC “Bates-stamped” the collection of financial records with Section 215.

Finally, consider one more thing. Last year, 26 Senators raised concerns about credit card records; last week’s RuppRoge House Intelligence Committee dragnet fix doesn’t prohibit the bulk collection of credit card records (their list, I now realize, is based off the list of sensitive records currently written into Section 215). Credit card records are covered under FRPA.

So while it would be a wildarsed guess, it would not be unreasonable to guess that some of this spike in bulk collection involved credit card records, approved by this November 2010 opinion.

Any bets we’ll finally get that DOJ IG Report on Section 215, showing that’s what they’ve been doing?

DOJ’s Multiple Authorities for Destroying Evidence

It seems like aeons ago, but just a week ago, EFF and DOJ had a court hearing over preserving evidence in the EFF lawsuits (Shubert, Jewel, and First Unitarian Church v. NSA). As I noted in two posts, a week ago Monday DOJ surprised EFF with the news that it had been following its own preservation plan, which it had submitted ex parte to Vaughn Walker, rather than the order Walker subsequently imposed. As a result, it has been aging off data in those programs (notably the PATRIOT-authorized Internet and phone dragnets) authorized by law, as opposed to what it termed Presidential authorization. DOJ’s behavior makes it clear that it is  trying to justify treating some data differently by claiming it was collected under different authorities.

Remember, there are at least five different legal regimes involved in the metadata dragnet:

  • EO 12333 authority for data going back to at least 1998
  • Stellar Wind authority lasting until 2004, 2006, and 2007 for different practices
  • PATRIOT-authorized authorities for Internet (until 2011) and phone records (until RuppRoge or something else passes)
  • SPCMA, which is a subset of EO 12333 authority that conducts potentially problematic contact chaining integrating US person Internet metadata
  • Five Eyes, which is EO 12333, but may involve GCHQ equities or, especially, ownership of the data

At the hearing and in their motions, EFF argued that their existing suits are not limited to any particular program (they didn’t name all these authorities, but they could have). Rather, they are about the act of dragnetting, regardless of what authority (so they’ll still be live suits after RuppRoge passes, for example).

EFF appears to have at least partly convinced Judge Jeffrey White, because on Friday he largely sided with EFF, extending the preservation order and — best as I can tell — endorsing EFF’s argument that their suits cover the act of dragnetting, rather than just the Stellar Wind, FISA Amendments Act, or phone and Internet dragnets.

With that as background, I want to look at a few things from the transcript of last Wednesday’s hearing. Read more

NSA Bids to Expand Spying in Guise of “Fixing” Phone Dragnet

Dutch Ruppersberger has provided Siobhan Gorman with details of his plan to “fix” the dragnet — including repeating the laughable claim that the “dragnet” (which she again doesn’t distinguish as solely the Section 215 data that makes up a small part of the larger dragnet) doesn’t include cell data.

Only, predictably, it’s not a “fix” of the phone dragnet at all, except insofar as NSA appears to be bidding to use it to do all the things they want to do with domestic dragnets but haven’t been able to do legally. Rather, it appears to be an attempt to outsource to telecoms some of the things the NSA hasn’t been able to do legally since 2009.

For example, there’s the alert system that Reggie Walton shut down in 2009.

As I reported back in February, the NSA reportedly has never succeeded in replacing that alert system, either for technical or legal reasons or both.

NSA reportedly can’t get its automated chaining program to work. In the motion to amend, footnote 12 — which modifies part of some entirely redacted paragraphs describing its new automated alert approved back in 2012 — reads:

The Court understands that to date NSA has not implemented, and for the duration of this authorization will not as a technical matter be in a position to implement, the automated query process authorized by prior orders of this Court for analytical purposes. Accordingly, this amendment to the Primary Order authorizes the use of this automated query process for development and testing purposes only. No query results from such testing shall be made available for analytic purposes. Use of this automated query process for analytical purposes requires further order of this Court.

PCLOB describes this automated alert this way.

In 2012, the FISA court approved a new and automated method of performing queries, one that is associated with a new infrastructure implemented by the NSA to process its calling records.68 The essence of this new process is that, instead of waiting for individual analysts to perform manual queries of particular selection terms that have been RAS approved, the NSA’s database periodically performs queries on all RAS-approved seed terms, up to three hops away from the approved seeds. The database places the results of these queries together in a repository called the “corporate store.”

It has been 15 months since FISC approved this alert, but NSA still can’t get it working.

I suspect this is the root of the stories claiming NSA can only access 30% of US phone records.

As described by WSJ, this automated system will be built into the orders NSA provides telecoms; once a selector has been provided to the telecoms, they will keep automatically alerting on it.

Under the new bill, a phone company would search its databases for a phone number under an individual “directive” it would receive from the government. It would send the NSA a list of numbers called from that phone number, and possibly lists of phone numbers those numbers had called. A directive also could order a phone company to search its database for such calls as future records come in. [my emphasis]

This would, presumably, mean NSA still ends up with a corporate store, a collection of people against whom the NSA has absolutely not a shred of non-contact evidence, against whom they can use all their analytical toys, including searching of content.

Note, too, that this program uses the word “directive,” not query. Directive comes from the PRISM program, where the NSA gives providers generalized descriptions and from there have broad leeway to add new selectors. Until I hear differently, I’ll assume the same is true here: that this actually involves less individualized review before engaging in 2 degrees of Osama bin Laden.

The legislation seems ripe for inclusion of querying of Internet data (another area where the NSA could never do what it wanted to legally after 2009), given that it ties this program to “banning” (US collection of, but Gorman doesn’t say that either, maintaining her consistency in totally ignoring that EO 12333 collection makes up the greater part of bulk programs) Internet bulk data collection.

The bill from Intelligence Committee Chairman Mike Rogers (R., Mich.) and his Democratic counterpart, Rep. C.A. “Dutch” Ruppersberger (D., Md.), would ban so-called bulk collection of phone, email and Internet records by the government, according to congressional aides familiar with the negotiations. [my emphasis]

Call me crazy, but I’m betting there’s a way they’ll spin this to add in Internet chaining with this “fix.”

Note, too, Gorman makes no mention of location data, in spite of having tied that to her claims that NSA only collects 20% of data. Particularly given that AT&T’s Hemisphere program provides location data, we should assume this program could too, which would present a very broad expansion on the status quo.

And finally, note that neither the passage I quoted above on directives to providers, nor this passage specifies what kind of investigations this would be tied to (though they are honest that they want to do away with the fig leaf of this being tied to investigations at all).

The House intelligence committee bill doesn’t require a request be part of an ongoing investigation, Mr. Ruppersberger said, because intelligence probes aim to uncover what should be investigated, not what already is under investigation.

Again, the word “directive” in the PRISM context also provides the government the ability to secretly pass new areas of queries — having expanded at least from counterterrorism to counterproliferation and cybersecurity uses. So absent some very restrictive language, I would assume that’s what would happen here: NSA would pass it in the name of terrorism, but then use it primarily for cybersecurity and counterintelligence, which the NSA considers bigger threats these days.

And that last suspicion? That’s precisely what Keith Alexander said he planned to do with this “fix,” presumably during the period when he was crafting this “fix” with NSA’s local Congressman: throw civil libertarians a sop but getting instead an expansion of his cybersecurity authorities.

Update: Here’s Spencer on HPSCI, confirming it’s as shitty as I expected.

And here’s Charlie Savage on Obama’s alternative.

It would:

  • Keep Section 215 in place, though perhaps with limits on whether it can be used in this narrow application
  • Enact the same alert-based system and feed into the corporate store, just as the HPSCI proposal would
  • Include judicial review like they have now (presumably including automatic approval for FISA targets)

Obama’s is far better than HPSCI (though this seems to be part of a bad cop-good cop plan, and the devil remains in the details). But there are still some very serious concerns.

The October 30, 2009 Statement of Authorities: The EFF Document Fight Could Get Very Interesting

If the Chief FISC Judge accuses the government of material misrepresentations but no one but a dirty fucking hippie blogger reports it, did it happen?

On Friday, I reported on Judge Reggie Walton’s cranky opinion asking for an explanation about why the government didn’t tell him EFF believed they had a protection order in cases relevant to the dragnets. And while it overstates the resounding silence to say that only your esteemed DFH host reported it — TechDirt had a good reportsome of the other reporting on it thus far seems to have missed the whole material misrepresentation judgement in Walton’s order.

But I think it’s not yet clear — to anyone — how interesting this document fight could get.

Just as one example of why (I’ll develop some of the others over the next couple of days, I hope), consider the October 30, 2009 statement of authorities.

Earlier this month, I noted that EFF had submitted a list of filings that the government had not released in spite of what they believed to be Judge Jeffrey White’s order to declassify everything.

  • April 9, 2007 notices indicating FISC Judge rejected early bulk orders
  • October 25, 2007 government challenge to motion to protect evidence, with ex parte NSA official declaration submitted in Shubert
  • April 3, 2009 supplemental memorandum in Jewel
  • October 30, 2009 supplemental memorandum on points of authority in Shubert
  • November 2012

In last Wednesday’s hearing, the government claimed they didn’t have to release these because they engaged in a colloquy limiting White’s orders to the state secrets declarations. And for the moment, I’ll take that as accurate.

But since then, the government has released one of these — the October 25, 2007 challenge to the protection motion — as part of their filing on Monday fighting a protection order in EFF’s phone dragnet suit. And that document was pretty stunning. Not only did it show the government had redefined the Multidistrict Litigation suits so as to exclude any of the FISA-authorized metadata dragnets that EFF of course had no way of knowing about yet. But in the filing, the government revealed that because of this filing and in defiance of Vaughn Walker’s November 2007 protection order, it has been destroying the metadata dragnet data in the interim.

In other words, the government is withholding these filings because they’re fairly damning.

Which got me thinking about the timing and significance of the October 30, 2009 supplemental memorandum on points of authority supporting a motion to dismiss the Shubert suit based on sovereign immunity and state secrets.

At one level, the memorandum is not all that suspicious. As you can see above, the government filed what is presumably roughly the same filing at the analogous time in Jewel, just as it was making its state secrets bid.

But I find the timing of the October 30 filings in Shubert to be of particular interest. That’s because a 2011 NSA training program seems to indicate that the Internet dragnet shut down at almost precisely that time, as it indicates that Internet dragnet data collected prior to November 2009 requires some sort of special treatment.

In addition, in the source information at the end of the line, the SIGAD [redacted] BR data can be recognized by SIGADs beginning with [redacted] For PR/TT, data collected after October 2010 is found [redacted] For a comprehensive listing of all the BR and PR/TT SIGADs as well as information on PR/TT data collected prior to November of 2009, contact your organization’s management or subject matter expert.

Remember, Shubert was suing for illegal wiretapping. And while Judge John Bates did not fully assess what NSA was doing — which appears to be collecting data that counts as content in the guise of collecting metadata — until the following year (some time between July and October 2010), when he did so, he implied the government had to comply with the laws in which they were claiming, in 2009, they had sovereign immunity. And the government had to know by that point they had serious legal problems with the Internet dragnet.

Indeed, the government kept asking for extensions leading up to this filing — at the time they claimed it was because of DOJ’s whats-old-is-new state secrets policy. Altogether they got an extra 22 days to file this filing (which should have been substantially similar to the ones they filed in April). They were almost certainly having still-undisclosed problems with the phone dragnet (probably relating to dissemination of data), as the October 30, 2009 phone dragnet orders is one of the ones the government has withheld even though it is obviously responsive to ACLU and EFF’s FOIA. But the discussions on the Internet dragnet must have been even more contentious, given that the FISC (probably either Reggie Walton or John Bates) refused to reauthorize it. (Note, October 30, 2009 was a Friday, so if FISC formally didn’t approve the Internet dragnet in October 2009, it would have been that day).

And the thing is, from Keith Alexander’s state secrets declaration, submitted perhaps hours and almost certainly no more than a month before the Internet dragnet got shut down because it was illegally collecting metadata that was legally content, it’s not at all clear that the government fully disclosed details they knew about those legal problems with the dragnet. Look closely at ¶¶ 27 and 28, ¶¶48-56, ¶¶58-62 with footnotes.

The phone dragnet description hides the problems with ongoing dissemination problems (which the Administration hid from Congress, as well). It also makes no mention that the phone dragnet had US persons on an alert list without reviewing those selectors for First Amendment review, something that should be central to the suits against NSA (see in particular ¶60). And while there are redacted sentences and footnotes — 13 and 24 — which could include notice that the government was (and had been, since the inception of the FISC-authorized Internet dragnet) collecting metadata that counted as content, those are all very brief descriptions. Moreover, the unredacted descriptions clearly claim that the Internet dragnet program collects no content, which legally it almost certainly did. Moreover, note that the references to the Internet dragnet speak of it in the present tense: “Pursuant to the FISA Pen Register, …. NSA is authorized to collect in bulk.”But there doesn’t seem to be the parallel structure in ¶28 where you’d expect the government to confess that the program was imminently shutting down because it was illegally collecting Internet content.

Note, too, how the declaration refers to the reauthorizations. ¶59 describes the phone dragnet authority “continuing until October 30, 2009” and ¶58 describes the Internet dragnet “requires continued assistance by the providers through [redacted] 2009. They appear not to have known for sure whether the programs would be reauthorized that night! But they appear not to have explained why not.

Perhaps the most pregnant paragraph is ¶62, which in context appears to relate only to the phone dragnet, though I suspect the government would point to to claim their description of violations was not comprehensive:

NSA is committed to working with the FISC on this and other compliance issues to ensure that this vital intelligence tool works appropriately and effectively. For purposes of this litigation, and the privilege assertions now made by the DNI and by the NSA, the intelligence sources and methods described herein remain highly classified and the disclosure that [redacted] would compromise vital NSA sources and methods and result in exceptionally grave harm to national security.

By any measure, Alexander’s declaration falls short of what the government already knew at that time, demonstrably so in the case of the phone dragnet. He hid details — significantly, the watchlist of Americans that violated statute, and almost certainly that the NSA was collecting content in the name of metadata — that were material to the suits at hand.

Which brings me to the memo on authorities. Even as the government was hiding material violations of the statutes they were disclosing to Judge Walker, was it also making expansive Executive Authority claims it couldn’t (and still can’t) share with plaintiffs? Did the government, for example, make an Executive Authority claim that we have every reason to believe John Bates (especially) and Reggie Walton would rebut if they knew about it?

In any case, in addition to the watchlist data from those 3,000 US persons (which would have aged off last month otherwise), the last of the illegal Internet content-as-metadata data might be aged off as soon as April absent these stays.That data might well provide plaintiffs proof they were illegally wiretapped (note, the Internet dragnet was limited to certain switches, but Jewel was built around the Folsom Street switch which was almost certainly included in that). And that the government provided highly misleading descriptions to Vaughn Walker when bidding for a state secrets exemption.

And add in one more legal fight here: as I noted, DOJ is withholding the October 30, 2009 (as well as one later one from 2009) from both the ACLU and EFF (the EFF suit is before a different San Francisco judge). In addition, DOJ is refusing all push for expedited processing on FOIAs for the Internet dragnet filings.

Seeing how clearly manipulative their data release in these lawsuits is, it seems safe to suggest the government is also making FOIA decisions to prevent plaintiffs from obtaining information to really contest these suits. That shouldn’t surprise anyone. But I would hope it would piss off the judges.