FBI Still Not Counting How Often Encryption Hinders Their Investigations

The annual wiretap report is out. The headline number is that wiretaps have gone up, and judges still don’t deny any wiretap applications.

The number of federal and state wiretaps reported in 2015 increased 17 percent from 2014.   A total of 4,148 wiretaps were reported as authorized in 2015, with 1,403 authorized by federal judges and 2,745 authorized by state judges.  Compared to the applications approved during 2014, the number approved by federal judges increased 10 percent in 2015, and the number approved by state judges increased 21 percent.  No wiretap applications were reported as denied in 2015.

The press has focused more attention on the still very small number of times encryption thwarts a wiretap.

The number of state wiretaps in which encryption was encountered decreased from 22 in 2014 to 7 in 2015.  In all of these wiretaps, officials were unable to decipher the plain text of the messages.  Six federal wiretaps were reported as being encrypted in 2015, of which four could not be decrypted.  Encryption was also reported for one federal wiretap that was conducted during a previous year, but reported to the AO for the first time in 2015.  Officials were not able to decipher the plain text of the communications in that intercept.

Discussing the number — which doesn’t include data at rest — on Twitter got me to look at something that is perhaps more interesting.

Back in July 2015, 7 months into the period reported on today, Deputy Attorney General Sally Yates and FBI Director Jim Comey testified in a “Going Dark” hearing. Over the course of the hearing, they admitted that they simply don’t have the numbers to show how big a problem encryption is for their investigations, and they appeared to promise to start counting that number.

Around January 26, 2016 (that’s the date shown for document creation in the PDF) — significantly, right as FBI was prepping to go after Syed Rizwan Farook’s phone, but before it had done so — Comey and Yates finally answered the Questions for the Record submitted after the hearing. After claiming, in a response to a Grassley question on smart phones, “the data on the majority of the devices seized in the United States may no longer be accessible to law enforcement even with a court order or search warrant,” Comey then explained that they do not have the kind of statistical information Cy Vance claims to keep on phones they can’t access, explaining (over five months after promising to track such things),

As with the “data-in-motion” problem, the FBI is working on improving enterprise-wide quantitative data collection to better explain the “data-at-rest” problem.

[snip]

As noted above, the FBI is currently working on improving enterprise-wide quantitative data collection to better understand and explain the “data at rest” problem. This process includes adopting new business processes to help track when devices are encountered that cannot be decrypted, and when we believe leads have been lost or investigations impeded because of our inability to obtain data.

[snip]

We agree that the FBI must institute better methods to measure these challenges when they occur.

[snip]

The FBI is working to identify new mechanisms to better capture and convey the challenges encountered with lawful access to both data-in-motion and data-at-rest.

Grassley specifically asked Yates about the Wiretap report. She admitted that DOJ was still not collecting the information it promised to back in July.

The Wiretap Report only reflects the number of criminal applications that are sought, and not the many instances in which an investigator is dissuaded from pursuing a court order by the knowledge that the information obtained will be encrypted and unreadable. That is, the Wiretap Report does not include statistics on cases in which the investigator does not pursue an interception order because the provider has asserted that an intercept solution does not exist. Obtaining a wiretap order in criminal investigations is extremely resource-intensive as it requires a huge investment in agent and attorney time, and the review process is extensive. It is not prudent for agents and prosecutors to devote resources to this task if they know in advance the targeted communications cannot be intercepted. The Wiretap Report, which applies solely to approved wiretaps, records only those extremely rare instances where agents and prosecutors obtain a wiretap order and are surprised when encryption prevents the court-ordered interception. It is also important to note that the Wiretap Report does not include data for wiretaps authorized as part of national security investigations.

These two answers lay out why the numbers in the Wiretap Report are of limited value in assessing how big a problem encryption is.

But they also lay out how negligent DOJ has been in responding to the clear request from SJC back in July 2015.

Why Doesn’t Dianne Feinstein Want to Prevent Murders Like those Robert Dear Committed?

In response to Chris Murphy’s 15 hour filibuster, Democrats will get a vote on several gun amendments to an appropriations bill, one mandating background checks for all gun purchases, another doing some kind of check to ensure the purchaser is not a known or suspected terrorist.

The latter amendment is Dianne Feinstein’s (see Greg Sargent’s piece on it here). It started as a straight check against the No Fly list (which would not have stopped Omar Mateen from obtaining a gun), but now has evolved. It now says the Attorney General,

may deny the transfer of a firearm if [she] determines, based on the totality of the circumstances, that the transferee represents a threat to public safety based on a reasonable suspicion that the transferee is engaged, or has been engaged, in conduct constituting, in preparation for, in aid of, or related to terrorism, or providing material support or resources therefor.

[snip]

The Attorney General shall establish, within the amounts appropriated, procedures to ensure that, if an individual who is, or within the previous 5 years has been, under investigation for conduct related to a Federal crime of terrorism, as defined in section 2332b(g)(5) of title 18, United States Code, attempts to purchase a firearm, the Attorney General or a designee of the Attorney General shall be promptly notified of the attempted purchase.

The way it would work is a background check would trigger a review of FBI files; if those files showed any “investigation” into terrorism, the muckety mucks would be notified, and they could discretionarily refuse to approve the gun purchase, which they would almost always do for fear of being responsible if something happened.

The purchaser could appeal through the normal appeals process (which goes first to the AG and then to a District Court), but,

such remedial procedures and judicial review shall be subject to procedures that may be developed by the Attorney General to prevent the unauthorized disclosure of information that reasonably could be expected to result in damage to national security or ongoing law enforcement operations, including but not limited to procedures for submission of information to the court ex parte as appropriate, consistent of due process.

Given that an AG recently deemed secret review of Anwar al-Awlaki’s operational activities to constitute enough due process to execute him, the amendment really should be far more specific about this (including requiring the government to use CIPA). When you give the Executive prerogative to withhold information, they tend to do so, well beyond what is adequate to due process.

But there are two other problems with this amendment, one fairly minor, one very significant.

First, minor, but embarrassing, given that Feinstein is on the Senate Judiciary Committee and Ranking Member Pat Leahy is a cosponsor. This amendment doesn’t define what “investigate” means, which is a term of art for the FBI (which ties each investigative method to the level of investigation you’re at). Given that it is intended to reach someone like Omar Mateen, it must intend to extend to “Preliminary Investigations,” which “may be opened on the basis of any ‘allegation or information’ indicative of possible criminal activity or threats to national security.” Obviously, the Mateen killing shows that someone can exhibit a whole bunch of troubling behaviors and violence yet not proceed beyond the preliminary stage (though I suspect we’ll find the FBI missed a lot of what they should have found, had they not had a preconceived notion of what terrorism looks like and an over-reliance on informants rather than traditional investigation). But in reality, a preliminary investigation is a very very low level of evidence. Yet it would take a very brave AG to approve a gun purchase for someone who had hit a preliminary stage, because if that person were to go on to kill, she would be held responsible.

Also note, though, that I don’t think Syed Rizwan Farook had been preliminarily investigated before his attack last year, though he had been shown to have communicated with someone of interest (which might trigger an assessment). So probably, someone would try to extend it to “assessment” or “lead” stages, which would be an even crazier level of evidence. By not carefully defining what “investigate” means, then, the amendment invites a slippery slope in the future to include those who communicate with people of interest (which is partly what the Terrorist Watch — not No-Fly — list consists of now).

Here’s the bigger problem. As I’ve noted repeatedly, our definition of terrorism (which is the one used in this amendment) includes a whole bunch of biases, which not only disproportionately affect Muslims, but also leave out some of our most lethal kinds of violence. For example, the law treats bombings as terrorist activities, but not mass shootings (so effectively, this law would seem to force actual terrorists into pursuing bombings, because they’d still be able to get those precursors). It is written such that animal rights activists and some environmentalists get treated as terrorists, but not most right wing hate groups. So for those reasons, the law would not reach a lot of scary people with guns who might pose as big a threat as Mateen or Farook.

Worse, the amendment reaches to material support for terrorism, which in practice (because it is almost always applied only for Muslim terrorist groups) has a significantly disproportionate effect on Muslims. In Holder v. Humanitarian Law Project, SCOTUS extended material support to include speech, and Muslims have been prosecuted for translating violent videos and even RTing an ISIS tweet. Speech (and travel) related “material support” don’t even have to extend to formal terrorist organizations, meaning certain kinds of anti-American speech or Middle East travel may get you deemed a terrorist.

In other words, this amendment would deprive Muslims simply investigated (possibly even just off a hostile allegation) for possibly engaging in too much anti-American speech of guns, but would not keep guns away from anti-government or anti-choice activists advocating violence.

Consider the case of anti-choice Robert Dear, the Colorado Springs Planned Parenthood killer. After a long delay (in part because his mass killing in the name of a political cause was not treated as terrorism), we learned that Dear had previously engaged in sabotage of abortion clinics (which might be a violation of FACE but which is not treated as terrorism), and had long admired clinic killer Paul Hill and the Army of God. Not even Army of God’s ties to Eric Rudolph, the 1996 Olympics bomber, get them treated as a terrorist group that Dear could then have been deemed materially supporting. Indeed, it was current Deputy Attorney General Sally Yates who chose not to add any terrorism enhancement to Rudolph’s prosecution. Dear is a terrorist, but because his terrorism doesn’t get treated as such, he’d still have been able to obtain guns legally under this amendment.

For a whole lot of political reasons, Muslims engaging in anti-American rants can be treated as terrorists but clinic assassins are not, and because of that, bills like this would not even keep guns out of the hands of some of the most dangerous, organizationally networked hate groups.

Now, I actually have no doubt that Feinstein would like to keep guns out of the hands of people like Robert Dear and — especially given her personal tie to Harvey Milk’s assassination — out of the hands of violent homophobes. But this amendment doesn’t do that. Rather, it predominantly targets just one group of known or suspected “terrorists.” And while the instances of Islamic extremists using guns have increased in recent years (as more men attempt ISIS-inspired killings of soft targets), they are still just a minority of the mass killings in this country.

FBI Has Been Not Counting Encryption’s Impact on Investigations for Over a Decade

During the first of a series of hearings in the last year in which Jim Comey (at this particular hearing, backed by Deputy Attorney General Sally Yates) pushed for back doors, they were forced to admit they didn’t actually have numbers proving encryption was a big problem for their investigations because they simply weren’t tracking that number.

On the issue on which Comey — and his co-witness at the SJC hearing, Deputy Attorney General Sally Yates — should have been experts, they were not. Over an hour and a quarter into the SJC hearing, Al Franken asked for actual data demonstrating how big of a problem encryption really is. Yates replied that the government doesn’t track this data because once an agency discovers they’re targeting a device with unbreakable encryption, they use other means of targeting. (Which seems to suggest the agencies have other means to pursue the targets, but Yates didn’t acknowledge that.) So the agencies simply don’t count how many times they run into encryption problems. “I don’t have good enough numbers yet,” Comey admitted when asked again at the later hearing about why FBI can’t demonstrate this need with real data.

In point of fact, a recent wiretap report shows that in the criminal context, at least, federal agencies do count such incidences, sometimes. But they don’t report the numbers in a timely fashion (5 of the 8 encrypted federal wiretaps reported in 2014 were from earlier years that were only then being reported), and agencies were eventually able to break most of the encrypted lines (also 5 of 8). Moreover, those 8 encrypted lines represented only 0.6 percent of all their wiretaps (8 of 1279). Reporting for encrypted state wiretaps was similarly tiny. Those numbers don’t reflect FISA wiretaps. But there, FBI often partners with NSA, which has even greater ability to crack encryption.

In any case, rather than documenting the instances where encryption thwarted the FBI, Comey instead asks us to just trust him.

Which is important background to an ancillary detail in this NYT story on how FBI tried a work-around for PGP in 2003 — its first attempt to do so — to go after some animal rights activists (AKA “eco-terrorists”).

In early 2003, F.B.I. agents hit a roadblock in a secret investigation, called Operation Trail Mix. For months, agents had been intercepting phone calls and emails belonging to members of an animal welfare group that was believed to be sabotaging operations of a company that was using animals to test drugs. But encryption software had made the emails unreadable.

So investigators tried something new. They persuaded a judge to let them remotely, and secretly, install software on the group’s computers to help get around the encryption.

[snip]

“This was the first time that the Department of Justice had ever approved such an intercept of this type,” an F.B.I. agent wrote in a 2005 document summing up the case.

DOJ didn’t include this encounter with encryption in the wiretap reports that mandate such reporting.

It is also unclear why the Justice Department, which is required to report every time it comes across encryption in a criminal wiretap case, did not do so in 2002 or 2003. The Justice Department and F.B.I. did not comment Wednesday.

It didn’t count that encounter with crypto even though FBI was discussing — as Bob Litt would 13 years later — exploiting fears of “terrorism” to get Congress to pass a law requiring back doors.

“The current terrorism prevention context may present the best opportunity to bring up the encryption issue,” an F.B.I. official said in a December 2002 email. A month later, a draft bill, called Patriot Act 2, revealed that the Justice Department was considering outlawing the use of encryption to conceal criminal activity. The bill did not pass.

Now, it may be that, as remained the case until last year, FBI simply doesn’t record that they encountered encryption and instead tries to get the information some other way. But by all appearances, encryption was tied to that wiretap.

Which suggests another option: that FBI isn’t tracking how often it encounters encryption because it doesn’t want to disclose that it is actually finding a way around it.

That’d be consistent with what they’ve permitted providers to report in their transparency reports. Right now, providers are not permitted to report on new collection (say, collection reflecting the compromise of Skype) for two years after it starts. The logic is that the government is effectively giving itself a two year window of exclusive exploitation before it will permit reporting that might lead people to figure out something new has been subjected to PRISM or other collection.

Why would we expect FBI to treat its own transparency any differently?

Update: This post has been updated to include more of the NYT article and a discussion of how encryption transparency may match provider transparency.

Sally Yates Doth Protest Too Much

Some months ago Ninth Circuit Judge Alex Kozinski wrote an important piece talking about the many ways criminal prosecutions are not fair. A lot of it focused on the imperfect process behind key ingredients of prosecutions — eye witness testimony, fingerprint analysis, plea deals. But he also reprised his argument that we’ve seen an epidemic of Brady violations in recent years.

The Supreme Court has told us in no uncertain terms that a prosecutor’s duty is to do justice, not merely to obtain a conviction. It has also laid down some specific rules about how prosecutors, and the people who work for them, must behave—principal among them that the prosecution turn over to the defense exculpatory evidence in the possession of the prosecution and the police. There is reason to doubt that prosecutors comply with these obligations fully. The U.S. Justice Department, for example, takes the position that exculpatory evidence must be produced only if it is material. This puts prosecutors in the position of deciding whether tidbits that could be helpful to the defense are significant enough that a reviewing court will find it to be material, which runs contrary to the philosophy of the Brady/Giglio line of cases and increases the risk that highly exculpatory evidence will be suppressed. Beyond that, we have what I have described elsewhere as an “epidemic of Brady violations abroad in the land,” a phrase that has caused much controversy but brought about little change in the way prosecutors operate in the United States.

As Zoe Tillman writes, the DOJ is rolling out an effort to tell itself that the mean things said by a top Appellate judge aren’t true. Deputy Attorney General Sally Yates is going to give a speech telling prosecutors not to listen to that mean bully.

Deputy Attorney General Sally Yates on Tuesday is expected to deliver a rallying speech to a meeting of prosecutors that is a further response—albeit indirect—to Kozinski’s article.

Yates will say that the “overwhelming majority” of prosecutors honor their legal and ethical obligations, including the requirement that they turn over potentially favorable information to defense lawyers, according to a copy of her prepared remarks.

Yates’ planned remarks criticize defense lawyers who make allegations of prosecutorial misconduct “a standard litigation strategy,” and others who “irresponsibly” make misconduct allegations.

“Prosecutors are in these jobs because we care about our solemn obligation to seek justice, and when someone unfairly impugns that commitment, it strikes at the core of who we are,” Yates, who will speak at the National Prosecution Summit in Washington, is expected to say.

And the Associate Deputy Attorney General Andrew Goldsmith and U.S. Attorney John Walsh of Colorado wrote this letter, attempting to rebut that mean bully.

On its face, the entire effort is farcical. In recent years, DOJ has rewarded lawyers who helped it get away with misconduct. It failed, for years, to give proper notice of Section 702 surveillance to defendants, and still hasn’t corrected the record with the Supreme Court about its false claim that it had been doing so. And until this summer, David Margolis served as an unwavering shield against DOJ actually disciplining its own.

But the funniest part of DOJ’s pushback is this paragraph from Goldsmith and Walsh’s letter.

On several occasions, Judge Kozinski referenced the prosecution of former senator Ted Stevens. The Stevens case, as others have noted, involved significant discovery failures and deserves to be held up as an object lesson to prosecutors. But the Department’s efforts in the aftermath of that case also deserve discussion. One of Eric Holder’s first acts after his swearing in as Attorney General was to seek dismissal of the conviction. In the months that followed, the Department undertook a sweeping review of its discovery-related procedures and instituted a string of new policies. All federal prosecutors, regardless of experience level, are now required to attend annual discovery trainings, while new prosecutors must attend rigorous, multi-day “discovery boot camps.” The Department developed a series of new policies governing the collection and disclosure of electronically stored information. And the Department established an extensive infrastructure of experienced prosecutors to focus on discovery issues, including a full-time national criminal discovery coordinator (who reports directly to the Deputy Attorney General, second only to the Attorney General herself at the Department of Justice) and discovery coordinators at each of the 93 U.S. Attorney’s Offices across the country.

That mean bully Alex Kozinski was wrong to bring up the time DOJ engaged in willful prosecutorial misconduct even of one of the most powerful men in the country, they say, because when caught doing so DOJ rolled out a system to try to prevent that from happening again.

Except that’s not all DOJ did. First, it went to great lengths to hide the independent review of its actions — a review which showed fairly rampant abuse. Then, when it conducted its own discipline of those who engaged in that abuse, it not only focused on the lower level prosecutors, but it also did nothing more than slap their wrists.

A Justice Department internal investigation of the botched prosecution of Ted Stevens concluded two prosecutors committed reckless professional misconduct and should be sanctioned through forced time off without pay.

DOJ officials recommended Joseph Bottini be suspended without pay for 40 days and James Goeke be suspended for 15 days without pay. DOJ did not find that either prosecutor acted intentionally to violate ethics rules, a finding that is contrary to a parallel criminal investigation.

Again, the Stevens case is a picture of what happens when prosecutorial misconduct is wielded against a very powerful white man — someone far more protected from abuse than the average federal defendant — and this is how things ended up, with a wrist-slap.

Maybe under her tenure, Yates plans to change this. Or maybe she just wants prosecutors not to worry too much about that bully in the Ninth.

But she needs to prove her intent through actions, not words, and thus far there’s little sign of those actions.

Update: Patrick Toomey also reminds me that the National Association of Criminal Defense Lawyers has been trying to get DOJ to share its guidelines on Brady, but thus far they’ve refused to give it over. NACDL has now appealed that to the DC Circuit.

The Loopholes in DOJ’s New Stingray Policy

DOJ just announced a new policy on use of Stingrays which requires a warrant and minimization of incidentally-collected data. It’s big news and an important improvement off the status quo.

But there are a few loopholes.

Exigent and emergency uses

First, the policy reserves exigent uses. The exigent uses include most of DOJ agencies’ known uses of Stingrays now.

These include the need to protect human life or avert serious injury; the prevention of the imminent destruction of evidence; the hot pursuit of a fleeing felon; or the prevention of escape by a suspect or convicted fugitive from justice.

[snip]

In addition, in the subset of exigent situations where circumstances necessitate emergency pen register authority pursuant to 18 U.S.C. § 3125 (or the state equivalent), the emergency must be among those listed in Section 3125: immediate danger of death or serious bodily injury to any person; conspiratorial activities characteristic of organized crime; an immediate threat to a national security interest; or an ongoing attack on a protected computer (as defined in 18 U.S.C. § 1030) that constitutes a crime punishable by a term of imprisonment greater than one year.

We know the US Marshals constitute the most frequent users of admitted Stingray use — they’d be covered in prevention of escape by a fugitive. DEA seems to use them a lot (though I think more of that remains hidden). That’d include “conspiratorial activities characteristic of organized crime.” And it’s clear hackers are included here, which includes the first known use, to capture Daniel Rigmaiden.

And I’m not sure whether the exigent/emergency use incorporates the public safety applications mentioned in the non-disclosure agreements localities sign with the FBI, or if that’s included in this oblique passage.

There may also be other circumstances in which, although exigent circumstances do not exist, the law does not require a search warrant and circumstances make obtaining a search warrant impracticable. In such cases, which we expect to be very limited, agents must first obtain approval from executive-level personnel at the agency’s headquarters and the relevant U.S. Attorney, and then from a Criminal Division DAAG. The Criminal Division shall keep track of the number of times the use of a cell-site simulator is approved under this subsection, as well as the circumstances underlying each such use.

In short, many, if not most, known uses are included in exceptions to the new policy.

Notice to defendants

The many known uses of Stingrays where warrants would not be necessary — and where DOJ would therefore just be using a PRTT — are of particular importance given the way new disclosure requirements work. There are, to be sure, admirable new requirements to tell judges what the fuck they’re approving and what it means. But nothing explicitly says defendants will not get noticed. DOJ has said no past or current usage of Stingrays will get noticed to defendants. And all these non-warrant uses of Stingrays will not be noticed either, probably. In other words, this returns things to the condition where defendants won’t know — because they would normally expect to see a warrant that wouldn’t exist in these non-warrant uses.

Sharing with localities

The policy doesn’t apply to localities, which increasingly have their own Stingrays they permit federal agencies to use. Curiously, the language applying this policy to federal cooperation with localities would suggest the federal rules only apply if the Feds are supporting localities, not if the reverse (FBI borrowing Buffalo’s Stingray, for example) is the case.

The Department often works closely with its State and Local law enforcement partners and provides technological assistance under a variety of circumstances. This policy applies to all instances in which Department components use cell-site simulators in support of other Federal agencies and/or State and Local law enforcement agencies.

Thus, it may leave a big out for the kind of cooperation we know to exist.

National security uses

Then, of course, the policy only applies in the criminal context, though DOJ claims it will adopt a policy “consistent” with this one on the FISC side.

This policy applies to the use of cell-site simulator technology inside the United States in furtherance of criminal investigations. When acting pursuant to the Foreign Intelligence Surveillance Act, Department of Justice components will make a probable-cause based showing and appropriate disclosures to the court in a manner that is consistent with the guidance set forth in this policy.

BREAKING! FBI has been using Stingrays in national security investigations! (Told ya!)

This language is itself slippery. FISC use of Stingrays probably won’t be consistent on the FISC side (even accounting for the many ways exigent uses could be claimed in national security situations), because we know that FISC already has different rules for PRTT on the FISC side, in that it permits collection of post cut through direct dialed numbers — things like extension numbers — so long as that gets minimized after the fact. The section on minimization here emphasizes the “law enforcement” application as well. So I would assume that not only will national security targets of Stingrays not get noticed on it, but they may use different minimization rules as well (especially given FBI’s 30 year retention for national security investigation data).

Other agencies’ use of Stingrays for content

DOJ suggests that DOJ never collects content using Stingrays by stating that its Stingrays always get set not to collect content.

Moreover, cell-site simulators used by the Department must be configured as pen registers, and may not be used to collect the contents of any communication, in accordance with 18 U.S.C. § 3127(3). This includes any data contained on the phone itself: the simulator does not remotely capture emails, texts, contact lists, images or any other data from the phone. In addition, Department cell-site simulators do not provide subscriber account information (for example, an account holder’s name, address, or telephone number).

But the rest of the policy makes it clear that department agents will work with other agencies on Stingray use. Some of those — such as JSOC — not only would have Stingrays that get content, but can even partner within the US with FBI.  So DOJ hasn’t actually prohibited its agencies from getting content from a Stingray (domestically — it goes without saying they’re permitted to do so overseas), just that it won’t do so using its own Stingrays.

Funny definitional games

Finally, while not necessarily a loophole (or at least not one I completely understand yet), I’m interested in this definition.

In the context of this policy, the terms “collection” and “retention” are used to address only the unique technical process of identifying dialing, routing, addressing, or signaling information, as described by 18 U.S.C. § 3127(3), emitted by cellular devices. “Collection” means the process by which unique identifier signals are obtained; “retention” refers to the period during which the dialing, routing, addressing, or signaling information is utilized to locate or identify a target device, continuing until the point at which such information is deleted.

This definition (which only applies to this policy and therefore perhaps not to national security uses of Stingrays) employs an entirely different definition of collection and retention than other collection that relies on collection followed by software analysis. Under upstream collection, for example, the government calls this definition of “retention” something closer to “collection.” Don’t get me wrong — this is probably a better definition than that used in other contexts. But I find it funny that FBI employs such different uses of these words in very closely connected contexts.

So, in sum, this is a real victory, especially the bit about actually telling judges what they’re approving when they approve it.

But there are some pretty obvious loopholes here….


Update: ACLU also welcomes this while pointing to some of the limits of the policy.

Update: Here are some of my posts on the FISA uses of PRTT, including (we now know) Stingrays.

On the Apple Back Door Rumors … Remember Lavabit

During the July 1 Senate Judiciary Committee hearing on back doors, Deputy Attorney General Sally Yates claimed that the government doesn’t want the government to have back doors into encrypted communications. Rather, they wanted corporations to retain the back doors to be able to access communications if the government had legal process to do so. (After 1:43.)

We’re not going to ask the companies for any keys to the data. Instead, what we’re going to ask is that the companies have an ability to access it and then with lawful process we be able to get the information. That’s very different from what some other countries — other repressive regimes — from the way that they’re trying to get access to the information.

The claim was bizarre enough, especially as she went on to talk about other countries not having the same lawful process we have (as if that makes a difference to software code).

More importantly, that’s not true.

Remember what happened with Lavabit, when the FBI was in search of what is presumed to be Edward Snowden’s email. Lavabit owner Ladar Levison had a discussion with FBI about whether it was technically feasible to put a pen register on the targeted account. After which the FBI got a court order to do it. Levison tried to get the government to let him write a script that would provide them access to just the targeted account or, barring that, provide for some kind of audit to ensure the government wasn’t obtaining other customer data.

The unsealed documents describe a meeting on June 28th between the F.B.I. and Levison at Levison’s home in Dallas. There, according to the documents, Levison told the F.B.I. that he would not comply with the pen-register order and wanted to speak to an attorney. As the U.S. Attorney for the Eastern District of Virginia, Neil MacBride, described it, “It was unclear whether Mr. Levison would not comply with the order because it was technically not feasible or difficult, or because it was not consistent with his business practice in providing secure, encrypted e-mail service for his customers.” The meeting must have gone poorly for the F.B.I. because MacBride filed a motion to compel Lavabit to comply with the pen-register and trap-and-trace order that very same day.

Magistrate Judge Theresa Carroll Buchanan granted the motion, inserting in her own handwriting that Lavabit was subject to “the possibility of criminal contempt of Court” if it failed to comply. When Levison didn’t comply, the government issued a summons, “United States of America v. Ladar Levison,” ordering him to explain himself on July 16th. The newly unsealed documents reveal tense talks between Levison and the F.B.I. in July. Levison wanted additional assurances that any device installed in the Lavabit system would capture only narrowly targeted data, and no more. He refused to provide real-time access to Lavabit data; he refused to go to court unless the government paid for his travel; and he refused to work with the F.B.I.’s technology unless the government paid him for “developmental time and equipment.” He instead offered to write an intercept code for the account’s metadata—for thirty-five hundred dollars. He asked Judge Hilton whether there could be “some sort of external audit” to make sure that the government did not take additional data. (The government plan did not include any oversight to which Levison would have access, he said.)

Most important, he refused to turn over the S.S.L. encryption keys that scrambled the messages of Lavabit’s customers, and which prevent third parties from reading them even if they obtain the messages.

The discussions disintegrated because the FBI refused to let Levison do what Yates now says they want to do: ensure that providers can hand over the data tailored to meet a specific request. That’s when Levison tried to give FBI his key in what it claimed (even though it has done the same for FOIAs and/or criminal discovery) was a type too small to read.

On August 1st, Lavabit’s counsel, Jesse Binnall, reiterated Levison’s proposal that the government engage Levison to extract the information from the account himself rather than force him to turn over the S.S.L. keys.

THE COURT: You want to do it in a way that the government has to trust you—
BINNALL: Yes, Your Honor.
THE COURT: —to come up with the right data.
BINNALL: That’s correct, Your Honor.
THE COURT: And you won’t trust the government. So why would the government trust you?

Ultimately, the court ordered Levison to turn over the encryption key within twenty-four hours. Had the government taken Levison up on his offer, he may have provided it with Snowden’s data. Instead, by demanding the keys that unlocked all of Lavabit, the government provoked Levison to make a last stand. According to the U.S. Attorney MacBride’s motion for sanctions,

At approximately 1:30 p.m. CDT on August 2, 2013, Mr. Levison gave the F.B.I. a printout of what he represented to be the encryption keys needed to operate the pen register. This printout, in what appears to be four-point type, consists of eleven pages of largely illegible characters. To make use of these keys, the F.B.I. would have to manually input all two thousand five hundred and sixty characters, and one incorrect keystroke in this laborious process would render the F.B.I. collection system incapable of collecting decrypted data.

The U.S. Attorneys’ office called Lavabit’s lawyer, who responded that Levison “thinks” he could have an electronic version of the keys produced by August 5th.

Levison came away from the debacle believing that the FBI didn’t understand what it was asking for when they asked for his keys.

One result of this newfound expertise, however, is that Levison believes there is a knowledge gap between the Department of Justice and law-enforcement agencies; the former did not grasp the implications of what the F.B.I. was asking for when it demanded his S.S.L. keys.

I raise all this because of the rumor — which Bruce Schneier inserted into his excerpt of this Nicholas Weaver post — that FBI is already fighting before FISC with Apple for a back door.

There’s a persistent rumor going around that Apple is in the secret FISA Court, fighting a government order to make its platform more surveillance-friendly — and they’re losing. This might explain Apple CEO Tim Cook’s somewhat sudden vehemence about privacy. I have not found any confirmation of the rumor.

Weaver’s post describes how, because of the need to allow users to access their iMessage account from multiple devices (think desktop, laptop, iPad, and phone), Apple technically could give FBI a key.

In iMessage, each device has its own key, but it’s important that the sent messages also show up on all of Alice’s devices.  The process of Alice requesting her own keys also acts as a way for Alice’s phone to discover that there are new devices associated with Alice, effectively enabling Alice to check that her keys are correct and nobody has compromised her iCloud account to surreptitiously add another device.

But there remains a critical flaw: there is no user interface for Alice to discover (and therefore independently confirm) Bob’s keys.  Without this feature, there is no way for Alice to detect that an Apple keyserver gave her a different set of keys for Bob.  Without such an interface, iMessage is “backdoor enabled” by design: the keyserver itself provides the backdoor.

So to tap Alice, it is straightforward to modify the keyserver to present an additional FBI key for Alice to everyone but Alice.  Now the FBI (but not Apple) can decrypt all iMessages sent to Alice in the future.
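The independent confirmation Weaver says the interface lacks can be sketched as a comparison of two views of the same key directory. This is an added example, not Apple’s or Weaver’s code: the function names, the SHA-256 key-set fingerprint and the sample keys are assumptions for illustration, with the two lists standing in for the keys Alice’s own devices hold and the keys the keyserver handed Bob for Alice.

```python
import hashlib
import hmac

def key_set_fingerprint(device_keys):
    """Hash a set of device public keys into one order-independent fingerprint."""
    h = hashlib.sha256()
    for key in sorted(set(device_keys)):
        h.update(len(key).to_bytes(4, "big"))  # length prefix keeps the encoding unambiguous
        h.update(key)
    return h.hexdigest()

def readable(fp, groups=8):
    """Shorten a hex fingerprint into groups two people can read to each other."""
    return " ".join(fp[i:i + 4] for i in range(0, groups * 4, 4))

def audit_directory_view(own_keys, keys_served_to_peer):
    """Compare the keys a user holds with the keys a peer was served for her.

    Returns (match, unexpected, missing). `unexpected` lists keys the peer
    would encrypt to that the owner does not recognise as her own devices.
    """
    own, served = set(own_keys), set(keys_served_to_peer)
    match = hmac.compare_digest(key_set_fingerprint(own),
                                key_set_fingerprint(served))
    return match, sorted(served - own), sorted(own - served)

# Constructed sample data: fixed byte strings standing in for real public keys.
ALICE_PHONE = bytes.fromhex("01" * 32)
ALICE_LAPTOP = bytes.fromhex("02" * 32)
UNKNOWN_KEY = bytes.fromhex("ff" * 32)

def demo():
    """Audit an unmodified directory answer and one carrying an extra key."""
    alice_view = [ALICE_PHONE, ALICE_LAPTOP]
    honest = audit_directory_view(alice_view, [ALICE_LAPTOP, ALICE_PHONE])
    altered = audit_directory_view(
        alice_view, [ALICE_PHONE, ALICE_LAPTOP, UNKNOWN_KEY])
    return honest, altered

if __name__ == "__main__":
    honest, altered = demo()
    print("Alice reads out:", readable(key_set_fingerprint([ALICE_PHONE, ALICE_LAPTOP])))
    print("unmodified directory matches:", honest[0])
    print("altered directory matches:", altered[0],
          "| unrecognised keys:", [k.hex()[:8] for k in altered[1]])
```

The comparison only means something if Alice and Bob exchange the fingerprints over a channel the keyserver does not control.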

Admittedly, as heroic as Levison’s decision to shut down Lavabit rather than renege on a promise he made to his customers was, Apple has a lot more to lose here strictly because of the scale involved. And in spite of the heated rhetoric, FBI likely still trusts Apple more than they trusted Levison.

Still, it’s worth noting that Yates’ claim that FBI doesn’t want keys to communications isn’t true — or at least wasn’t before her tenure at DAG. Because a provider, Levison, insisted on providing his customers what he had promised, the FBI grew so distrustful of him they did demand a key.

OLC Undermines DOJ Inspector General Independence

For over a year, DOJ’s Inspector General has been trying to ensure it got ready access to things like grand jury materials (this has been pertinent in the Fast and Furious investigation and how DEA and FBI use the latter’s dragnet, among other things). As part of this effort, the IG asked OLC to weigh in on whether it should be able to access this information, or whether it needed to ask nicely, as it has been forced to do.

Here’s the opinion. Here’s the key passage:

In particular, Title III permits Department officials to disclose to OIG the contents of intercepted communications when doing so could aid the disclosing official or OIG in the performance of their duties related to law enforcement, including duties related to Department leadership’s supervision of law enforcement activities on a programmatic or policy basis. Rule 6(e) permits disclosure of grand jury materials to OIG if a qualifying attorney determines that such disclosure could assist her in the performance of her criminal law enforcement duties, including any supervisory law enforcement duties she may have. And FCRA permits the FBI to disclose to OIG consumer information obtained pursuant to section 626 if such disclosure could assist in the approval or conduct of foreign counterintelligence investigations, including in the supervision of such investigations on a programmatic or policy basis. In our view, however, Title III and Rule 6(e) forbid disclosures that have either an attenuated or no connection with the conduct of the Department’s criminal law enforcement programs or operations, and section 626 of FCRA forbids disclosures that have either an attenuated or no connection with the approval or conduct of foreign counterintelligence investigations.

And here’s OIG’s response.

Today’s opinion by the OLC undermines the OIG’s independence, which is a hallmark of the Inspector General system and is essential to carrying out the OIG’s oversight responsibilities under the Inspector General Act. The OLC’s opinion restricts the OIG’s ability to independently access all records in the Justice Department’s possession that are necessary for our audits, reviews, and investigations, and is contrary to the principles and express language set forth in the Inspector General Act.

The opinion also finds that, in adopting Section 218 of the Department of Justice’s FY 2015 Appropriations Act, Congress’ intent was not sufficiently clear to support independent OIG access to all records in the Department’s possession. The OLC’s opinion reaches this conclusion even though Congress passed Section 218 “to improve OIG access to Department documents and information” following the Department’s failure to independently and timely provide all responsive records to the OIG, and Section 218 explicitly provides that the Department may not use appropriated funds to withhold records from the OIG for reasons other than as expressly provided in the Inspector General Act.

As a result of the OLC’s opinion, the OIG will now need to obtain Justice Department permission in order to get access to important information in the Department’s files – putting the agency over which the OIG conducts oversight in the position of deciding whether to give the OIG access to the information necessary to conduct that oversight. The conflict with the principles enshrined in the Inspector General Act could not be clearer and, as a result, the OIG’s work will be adversely impacted.

The OIG will immediately ask Congress to pass legislation ensuring that the OIG has independent access to the information it needs for its work. The Attorney General and the Deputy Attorney General have each expressed their commitment to join the OIG in this effort.

Inspector General Michael E. Horowitz stated:

“I strongly disagree with the OLC opinion. Congress meant what it said when it authorized Inspectors General to independently access ‘all’ documents necessary to conduct effective oversight. Without such access, our Office’s ability to conduct its work will be significantly impaired, and it will be more difficult for us to detect and deter waste, fraud, and abuse, and to protect taxpayer dollars. We look forward to working with the Congress and the Justice Department to promptly remedy this serious situation.”

[This post has been updated to add the opinion.]