Posts

Between Two Ends of the WikiLeaks Investigation: Parallel Constructing the FBI’s Secret Authorities

Two pieces of news on the government’s investigation of WikIleaks came out yesterday.

At the Intercept, Glenn Greenwald reported:

  • In 2010, a “Manhunting Timeline” described efforts to get another country to prosecute what it called the “rogue” website
  • In a targeting scenario dating to July 25, 2011, the US’ Targeting and General Counsel personnel responded to a question about targeting WikiLeaks’ or Pirate Bay’s server by saying they’d have to get back to the questioner
  • In 2012, GCHQ monitored WikiLeaks — including its US readers — to demonstrate the power of its ANTICRISIS GIRL initiative

Screen Shot 2014-02-19 at 9.42.54 AM
Also yesterday, Alexa O’Brien reported (and contextualized with links back to her earlier extensive reporting):

  • The grand jury investigation of WikiLeaks started at least as early as September 23, 2010
  • On January 4, 2011 (21 days after the December 14, 201 administrative subpoena for Twitter records on Appelbaum and others), DOJ requested Jacob Appelbaum’s Gmail records
  • On April 15, 2011, DOJ requested Jacob Appelbaum’s Sonic records

Now, as O’Brien lays out in her post, at various times during the investigation of WikiLeaks, it has been called a Computer Fraud and Abuse investigation, an Espionage investigation, and a terrorism investigation.

Which raises the question why, long after DOJ had deemed the WikiLeaks case a national security case that under either the terrorism or Espionage designation would grant them authority to use tools like National Security Letters, they were still using subpoenas that were getting challenged and noticed to Appelbaum? Why, if they were conducting an investigation that afforded them all the gagged orders they might want, were they issuing subpoenas that ultimately got challenged and exposed?

Before you answer “parallel construction,” lets reconsider something I’ve been mulling since the very first Edward Snowden disclosure: the secret authority DOJ and FBI (and potentially other agencies) used to investigate not just WikiLeaks, but also WikiLeaks’ supporters.

Back in June 2011, EPIC FOIAed DOJ and FBI (but not NSA) for records relating to the government’s investigation of WikiLeaks supporters.

EPIC’s FOIA asked for information designed to expose whether innocent readers and supporters of WikiLeaks had been swept up in the investigation. It asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

In their motion for summary judgment last February, DOJ said a lot of interesting things about the records-but-not-lists they might or might not have and generally subsumed the entire request under an ongoing investigation FOIA exemption.

Most interesting, however, is in also claiming that some statute prevented them from turning these records over to EPIC, they refused to identify the statute they might have been using to investigate WikiLeaks’ supporters.

All three units at DOJ — as reflected in declarations from FBI’s David Hardy, National Security Division’s Mark Bradley, and Criminal Division’s John Cunningham – claimed the files at issue were protected by statute.

None named the statute in question. All three included some version of this statement, explaining they could only name the statute in their classified declarations.

The FBI has determined that an Exemption 3 statute applies and protects responsive information from the pending investigative files from disclosure. However, to disclose which statute or further discuss its application publicly would undermine interests protected by Exemption 7(A), as well as by the withholding statute. I have further discussed this exemption in my in camera, ex parte declaration, which is being submitted to the Court simultaneously with this declaration

In fact, it appears the only reason that Cunningham submitted a sealed declaration was to explain his Exemption 3 invocation.

And then, as if DOJ didn’t trust the Court to keep sealed declarations secret, it added this plaintive request in the motion itself.

Defendants respectfully request that the Court not identify the Exemption 3 statute(s) at issue, or reveal any of the other information provided in Defendants’ ex parte and in camera submissions.

DOJ refuses to reveal precisely what EPIC seems to be seeking: what kind of secret laws it is using to investigate innocent supporters of WikiLeaks.

Invoking a statutory exemption but refusing to identify the statute was, as far as I’ve been able to learn, unprecedented in FOIA litigation.

The case is still languishing at the DC District.

I suggested at the time that the statute in question was likely Section 215; I suspected at the time they refused to identify Section 215 because they didn’t want to reveal what Edward Snowden revealed for them four months later: that the government uses Section 215 for bulk collection.

While they may well have used Section 215 (particularly to collect records, if they did collect them, from Visa, MasterCard, and PayPal — but note FBI, not NSA, would have wielded the Section 215 orders in that case), they couldn’t have used the NSA phone dragnet to identify supporters unless they got the FISC to approve WikiLeaks as an associate of al Qaeda (update: Or got someone at NSA’s OGC to claim there were reasons to believe WikiLeaks was associated with al Qaeda). They could, however, have used Section 215 to create their own little mini WikiLeaks dragnet.

Read more

The Twitter Gag

Like a bunch of tech companies, Twitter has now released an updated transparency report since last week’s settlement.

But unlike the other tech companies, Twitter offers no information about national security requests. It suggests, at first, that last week’s settlement (to which it was not a party) does not allow it to provide reporting that would be meaningful to Twitter users.

Last week, the U.S. Department of Justice and various communications providers reached an agreement allowing disclosure of national security requests in very large ranges. While this agreement is a step in the right direction, these ranges do not provide meaningful or sufficient transparency for the public, especially for entities that do not receive a significant number of – or any – national security requests.

As previously noted, we think it is essential for companies to be able to disclose numbers of national security requests of all kinds – including national security letters and different types of FISA court orders – separately from reporting on all other requests. For the disclosure of national security requests to be meaningful to our users, it must be within a range that provides sufficient precision to be meaningful. Allowing Twitter, or any other similarly situated company, to only disclose national security requests within an overly broad range seriously undermines the objective of transparency. In addition, we also want the freedom to disclose that we do not receive certain types of requests, if, in fact, we have not received any. [my emphasis]

This suggests (as would be consistent with earlier reporting) that Twitter receives no national security requests — or so few it is unwilling to report it as a 0 – 250 or 0 – 999 band it is permitted to report under the new Guidelines.

But I wonder. Note that Twitter says the Guidelines “unfairly impacts our users’ privacy,” which would only be the case if Twitter’s users had been impacted by NatSec requests. In addition, they provide two years of data: precisely the time period that would be covered by a new access to communication technology.

While it definitely seems like Twitter hasn’t gotten many requests, it also seems possible they’re being affected by that two year gag for whatever request they get.

WikiLeaks: Court Upholds US Subpoena For Twitter Records

In a 21 page opinion, US Magistrate Judge Theresa Buchanan of the Eastern District of Virginia District Court has just granted the United States Department of Justice subpoena demand for records in the WikiLeaks investigation.

Three people associated with WikiLeaks – Jacob Appelbaum, Birgitta Jonsdottir, and Rop Gonggrijp – had petitioned the court to vacate the subpoena and to unseal the court pleadings. The court held:

For the foregoing reasons, petitioners’ Motion to Vacate is DENIED. Petitioners’ Motion to Unseal is DENIED as to docket 10- gj-3793, and GRANTED as to the 1:11-dm-00003 docket, with the exception of the government attorney’s email address in Twitter’s Motion for Clarification (Dkt. 24), which shall be redacted. Petitioners’ request for public docketing of the material within 10-gj-3793 shall be taken under consideration. An Order shall follow.

The three WikiLeaks individuals had argued the subpoena violated constitutional protections for free speech and association; the court disagreed. Appelbaum, Gonggrijp and Jonsdottir have already stated they will appeal.

You can read the full opinion here. I will be updating the post as I read the decision.

In December of last year, the US government, upon ex parte motion, moved the EDVA Court to enter a sealed Order (“Twitter Order”) pursuant to 18 U.S.C. § 2703(d) of the Stored Communications Act, which governs government access to customer records stored by a service provider. The Twitter Order, which was unsealed on January 5, 2010, at the request of Twitter, required Twitter to turn Read more

Political Giving and Willingness to Cave to Law Enforcement

When Jason Leopold linked to a WSJ report titled, “Obama breaks bread with Silicon Valley execs,” I quipped, “otherwise known as, Obama breaks bread w/our partners in domestic surveillance.” After all, some of the companies represented–Google, Facebook, Yahoo–are among those that have been willingly sharing customer data with federal law enforcement officials.

Which is why I found this Sunlight report listing lobbying and political donations of the companies so interesting.

Lobbying (2010) Contributions to Obama (2008)
Apple $1,610,000.00 $92,141.00
Google $5,160,000.00 $803,436.00
Facebook $351,390.00 $34,850.00
Yahoo $2,230,000.00 $164,051.00
Cisco Systems $2,010,000.00 $187,472.00
Twitter $0.00 $750.00
Oracle $4,850,000.00 $243,194.00
NetFlix $130,000.00 $19,485.00
Stanford University $370,000.00 $448,720.00
Genentech $4,922,368.00 $97,761.00
Westly Group $0.00 $0.00

Just one of the companies represented at the meeting, after all, has recently challenged the government’s order in its pursuit of WikiLeaks to turn over years of data on its users: Twitter. And the difference between Twitter’s giving and the others’ is stark.

Does Twitter have the independence to challenge the government WikiLeaks order because it hasn’t asked or owed anyone anything, politically?

Mind you, there’s probably an interim relationship in play here, as well. Those companies that invest a lot in politics also have issues–often regulatory, but sometimes even their own legal exposure–that they believe warrant big political investments. Which in turn gives the government some issue with which to bargain on.

Maybe this is all a coinkydink. And maybe having broken bread with Obama, Twitter will cave on further government orders.

But I do wonder whether there’s a correlation between those telecommunication companies that try to buy political favors and those that offer federal law enforcement favors in return.