Intelligence Lawyer Robert Litt Claims Searching For Possible Privacy Violations Will Violate Privacy

from the route-all-privacy-concerns-to-/dev/null dept

Fri, Nov 15th 2013 5:32am — Tim Cushing

The ODNI's head counsel, Robert Litt, had made statements over the past few months that seem to hint that he's actually some sort of android, rather than a living, breathing human being. Maybe this is what happens to anyone who spends too long on the inside of the intelligence panopticon. When delivered in the real world, arguments that sounded plausible in the echo chamber give off the eerie tone of a not-quite-human "being" badly in need of an empathy chip upgrade.

Case(s) in point:

1. July 23rd - Robert Litt delivers a speech in which he asks this question:

"Why is it that people are willing to expose large quantities of information to private parties but don't want the Government to have the same information?"

It almost sounds reasonable until you consider what's being asked. "Why do people voluntarily give up information in exchange for services they find appealing/ useful but remain opposed to involuntarily having their data harvested by a secretive government agency?" There's a huge difference between the two, but Litt's cyborg mind fails to spot the gap. Data is data, he argues. If you're already sharing, why not let the government have a taste? [Of course, the whole argument is largely moot as the government already has access to this data anyway.]

2. November 5th - While meeting with the Privacy and Civil Liberties Oversight Board, Litt makes this claim:

In theory, storing the data with the companies, instead of at the NSA, would allow the telcos to serve as a kind of privacy watchdog. They'd be in a position to examine the government's requests for information about their customers and possibly to object to them in court.

But the intelligence lawyers warned that Americans' would be subject to even greater privacy incursions if their personal information were stripped from NSA's control.

In short, storing metadata at a neutral site would somehow result in more privacy violations than it would in the [LOL] careful stewardship of the NSA. Limited access to metadata, according to robotic-overlord-in-waiting Robert Litt, is more harmful to Americans' privacy than potentially unlimited access to data stores onsite.

Less than ten days later and I, Robert is at it again.

Robert Litt, the general counsel for the Office of the Director of National Intelligence, and Bradford Wiegmann, deputy assistant attorney general, told the Committee on Privacy, Technology and the Law today that it would have a “privacy diminishing effect” if intelligence officials were forced to review every piece of data vacuumed up under its internet and phone surveillance programs...

“Attempting to make this determination [identify the number of US persons whose data has been "inadvertently" swept up by various NSA collections] would require the intelligence community to research and review personally identifying information solely for the purpose of complying with the reporting requirements, even if the information has not been determined to contain foreign intelligence,” they argued. “Such an effort would conflict with our efforts to protect privacy...”

Litt, while addressing the panel, added that such a requirement “would perversely” undermine privacy.

There's a hole in Litt's argument you could drive a truckload of logic through. Kevin Bankston steps up and takes the wheel.

“The privacy has already been violated,” he said.

Litt must be an adherent of the Rogers Theorem, which states that privacy violations don't actually occur until they're noticed. That's the only way he could make such an argument with a straight face (although being not quite human probably helps).

The ODNI's arguments are beginning to resemble the outer limits of quantum mechanics, in which privacy violations are caused not by the wholesale amassing of pterabytes of data, but by NSA analysts checking to see if anything American has been inadvertently snagged in the NSA's enormous baleen. [ALL METAPHORS ARE GO.]

In other words, the outcome is changed by the measurement. Tons of data grabbed indiscriminately? No privacy issues. Peering into said tonnage for specifics? Privacy violations galore.

No mention is made of maybe putting some effort into refining its programs or dialing back its collections. Nope, to do so is to subject America to somewhere between 0 and 54 terrorist attacks over the next dozen years. This much we can be sure of because… well, just believe the nice "man" in suit, OK? The NSA's defenders have worked very hard to come up with dozens of tenuous justifications for its data dragnet and they don't need the very violated American public casting aspersion on the agency's lack of finesse.

This is what happens when the talking points begin suffering routine catastrophic failure. The NSA's defenders are reduced to responding like quarreling schoolchildren: "No, you're violating privacy!" How pathetic.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: nsa, nsa surveillance, privacy, robert litt

33 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 15 Nov 2013 @ 5:39am

so how about the government sharing everything with me then? fair exchange, after all. they would know everything about me, i should be able to know everything about it, or at least, about all the individuals who make up the government that call for my information!
[ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2013 @ 5:46am

It couldn't be any more than they're already doing right now.
[ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2013 @ 6:04am

1) Your privacy is not violated if you do not know about it
2) You might be made aware if there were an investigation
3) Therefore an investigation would violate your privacy
4) .......?
5) Profit !!!
[ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2013 @ 6:05am

Fundamental values
Why is it that people are willing to expose large quantities of information to private parties but don't want the Government to have the same information?

Why is it that many Americans do not want to live in a totalitarian regime where no one has the right to talk to anyone else without the government's knowledge?

Do Americans have the liberty to talk to each other�without the government making a record of that conversation? Do Americans have a freedom to associate with each other?
[ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2013 @ 6:11am

its pterodactyl, or petabytes.:-) The first are extinct, but the Utah data centre is still alive, despite its attempts to self combust.
[ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

out_of_the_blue, 15 Nov 2013 @ 6:26am

Minion attempting to distance Google / Facebook from surveillance system.
So why is that YOU answer this question with "Google spying good, NSA spying bad"?
"Why is it that people are willing to expose large quantities of information to private parties but don't want the Government to have the same information?"

Now, that^^^ quote is to support NSA, which I don't at all, but IS a valid question that isn't answered here, minion just goes into boilerplate to excuse and distance the commercial spying.

Anyone reasonable would hold that ALL SPYING IS BAD.

Anyone reasonable knows that everything held by corporations is available to the gov't for a small fee.

Corporations don't have ANY right to even have information, nor to collate all in vast cartels. Corporations are legal fictions that must ask permission from We The People to even exist, and are permitted only so long as actually serve our purposes, NOT its profits. Now that corporations are serving the gov't, it's time to SAY NO to both aspects of the fascist surveillance state. It's not enough to just stop gov't spying. ALL SPYING IS BAD.

Oh, and preventative boilerplate is needed for the repeating dolts here: just show me how to escape all of Google's spying, kids. It's NOT voluntary: you CAN'T opt out. It's not enough, you silly AC, to use another search page: Google has javascript and API in the vast majority of pages, including a couple hundred K right here at Techdirt.

And here's Mike with the same view as mine (but he too is actually FOR Google's spying):
Where Mike sez: "Any system that involves spying on the activities of users is going to be a non-starter. Creeping the hell out of people isn't a way of encouraging them to buy. It's a way of encouraging them to want nothing to do with you." -- So why doesn't that apply to The Google?

02:25:56[c-626-2]
[ link to this | view in chronology ]
- Anonymous Coward, 15 Nov 2013 @ 6:33am
  
  Re: Minion attempting to distance Google / Facebook from surveillance system.
  "Anyone reasonable would hold that ALL SPYING IS BAD."
  No. Most reasonable people are happy with spying going on as long as it's targeted and proportional.
  
  "Anyone reasonable knows that everything held by corporations is available to the gov't for a small fee."
  No. Most reasonable people expect corporations to obey the various data protection laws. Unless they are presented with a legitimate warrant/subpoena of course.
  
  Once again you are full of shit.
  [ link to this | view in chronology ]
  - Anonymous Coward, 15 Nov 2013 @ 8:40am
    
    Re: Re: Minion attempting to distance Google / Facebook from surveillance system.
    "No. Most reasonable people are happy with spying going on as long as it's targeted and proportional."
    
    You forget to and done through due process (ie. obtain a warrant based on evidence to support probable cause) at least in cases that are domestic or involve US citizens.
    [ link to this | view in chronology ]
    - Anonymous Coward, 15 Nov 2013 @ 8:45am
      
      Re: Re: Re: Minion attempting to distance Google / Facebook from surveillance system.
      * forget to ADD
      [ link to this | view in chronology ]
- John Fenderson (profile), 15 Nov 2013 @ 10:03am
  
  Re: Minion attempting to distance Google / Facebook from surveillance system.
  IS a valid question that isn't answered here
  
  Yes, it's a valid question, and yes, it was answered in the article.
  
  Corporations don't have ANY right to even have information
  
  Once you've agreed to let them have access to your information, you've given them that right. Once again, that's the key difference between corporations and the government. The government doesn't need or want you permission.
  [ link to this | view in chronology ]
mermaldad (profile), 15 Nov 2013 @ 6:28am

Already violated
"Yeah, I was peeping through your window, and yes, I happened to see you naked, but I shouldn't be arrested for that because if I am arrested, I will have to think about what I saw (as part of my defense, of course) and you don't want me thinking about you naked, do you?"
[ link to this | view in chronology ]
- Anonymous Coward, 15 Nov 2013 @ 7:04am
  
  Irony
  I heard an ad for AT&T digital life this morning on the radio. They want me to trust them to put security cameras in my home. The advertisement stated I could watch my home while I'm away and I wondered to myself how long it would be before the NSA was also watching my home when I am there. No thanks AT&T. I feel more threatened by AT&T and the NSA than I do robbers.
  [ link to this | view in chronology ]
  - John Fenderson (profile), 15 Nov 2013 @ 10:07am
    
    Re: Irony
    When I heard about that, my first thought was nobody could possibly be stupid enough to agree to that, especially since you can do the exact same thing at low cost without involving any third party at all (outside of your internet service, but they'd have to crack your encryption).
    
    My second thought was... sadly, there probably are people stupid enough to agree to that.
    [ link to this | view in chronology ]
    - That One Guy (profile), 15 Nov 2013 @ 7:02pm
      
      Re: Re: Irony
      Actually, that could be useful.
      
      After all there's still a few people who's response to the public outcry over the NSA's spying is the old 'If you haven't done anything wrong...' line, so if they really do believe that, then they should have no problems installing such a system in their houses, unless of course they think they've got something to hide...
      [ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2013 @ 6:38am

> In theory, storing the data with the companies, instead of at the NSA, would allow the telcos to serve as a kind of privacy watchdog

That has already happened. How many times was your privacy defended by AT&T and Verizon?

How about ZERO times? Can anyone ever see Verizon being a privacy watchdog? Give me a break.
[ link to this | view in chronology ]
- Anonymous Coward, 15 Nov 2013 @ 7:00am
  
  Re:
  How about ZERO times?
  
  �NSA has massive database of Americans' phone calls�, by Leslie Cauley, USA TODAY, May 11, 2006
  �.�.�.�.
  
  One company differs
  
  One major telecommunications company declined to participate in the program: Qwest.
  
  According to sources familiar with the events, Qwest's CEO at the time, Joe Nacchio, was deeply troubled by the NSA's assertion that Qwest didn't need a court order � or approval under FISA � to proceed. Adding to the tension, Qwest was unclear about who, exactly, would have access to its customers' information and how that information might be used.
  
  Financial implications were also a concern, the sources said. Carriers that illegally divulge calling information can be subjected to heavy fines. The NSA was asking Qwest to turn over millions of records. The fines, in the aggregate, could have been substantial.
  
  The NSA told Qwest that other government agencies, including the FBI, CIA and DEA, also might have access to the database, the sources said. As a matter of practice, the NSA regularly shares its information � known as "product" in intelligence circles � with other intelligence groups. Even so, Qwest's lawyers were troubled by the expansiveness of the NSA request, the sources said.
  
  The NSA, which needed Qwest's participation to completely cover the country, pushed back hard.
  
  Trying to put pressure on Qwest, NSA representatives pointedly told Qwest that it was the lone holdout among the big telecommunications companies. It also tried appealing to Qwest's patriotic side: In one meeting, an NSA representative suggested that Qwest's refusal to contribute to the database could compromise national security, one person recalled.
  
  In addition, the agency suggested that Qwest's foot-dragging might affect its ability to get future classified work with the government. Like other big telecommunications companies, Qwest already had classified contracts and hoped to get more.
  
  Unable to get comfortable with what NSA was proposing, Qwest's lawyers asked NSA to take its proposal to the FISA court. According to the sources, the agency refused.
  
  The NSA's explanation did little to satisfy Qwest's lawyers. "They told (Qwest) they didn't want to do that because FISA might not agree with them," one person recalled. For similar reasons, this person said, NSA rejected Qwest's suggestion of getting a letter of authorization from the U.S. attorney general's office. A second person confirmed this version of events.�.�.�.
  
  Well, true, we all know what happened to Joe Nacchio after he refused to play ball.
  [ link to this | view in chronology ]
- John Fenderson (profile), 15 Nov 2013 @ 10:09am
  
  Re:
  A million times this. Having private companies hold this data for the government doesn't improve anything whatsoever -- in fact, it makes things a little worse as then the companies will mine the data for their own purposes (something we see happening in the UK as a result of their data retention laws).
  
  What would make a huge difference is to not store this data anywhere at all.
  [ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2013 @ 6:54am

"Why is it that people are willing to expose large quantities of information to private parties but don't want the Government to have the same information?"

syn�er�gy

1. the interaction or cooperation of two or more organizations, substances, or other agents to produce a combined effect greater than the sum of their separate effects.
[ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2013 @ 7:01am

�Attempting to make this determination [identify the number of US persons whose data has been "inadvertently" swept up by various NSA collections] would require the intelligence community to research and review personally identifying information solely for the purpose of complying with the reporting requirements, even if the information has not been determined to contain foreign intelligence,� they argued. �Such an effort would conflict with our efforts to protect privacy...�

To be fair, it WOULD be a greater invasion of privacy if someone were to go manually looking at all the data. I will grant them that having someone look at it is a greater invasion than just having it.

But they aren't going to manually look at all the data ANYWAY. They couldn't do this if they WANTED to. There's too much data. Instead, they'd run it through a computer program. And they're already running it through a computer program.

Yes, for the NSA to provide the EXACT number of people affected, they'd have to do all sorts of analysis to eliminate duplicates and such. But we aren't looking for an exact number. Plus or minus 25% would be fine.

Also, "how many unique people's data do we have" is not a piece of data that by itself will compromise anyone's privacy. Nobody would ever have objected to the NSA asking AT&T how many people made phone calls on a particular day, or asking Google how many users sent an email.
[ link to this | view in chronology ]
- boomslang, 15 Nov 2013 @ 7:24am
  
  Re:
  You make some good points. If they have a collection of telephone metadata in a database, in order to determine how many of those records are entirely domestic calls, they'd have to do analysis on all the numbers to label them with identifying information, which would likely involve a greater breech of privacy than leaving the database alone.
  
  Similarly, to get the number of unique people's data that they have, they would have to attribute identifying information to all those telephone conversations. Some people may have more than one phone/phone number, some people may call from another person's cellphone.
  
  For a rough number, we may as well ask how many Verizon and AT&T customers there are and use that as a starting point, or ask how many unique telephone numbers their database contains.
  [ link to this | view in chronology ]
kenichi tanaka (profile), 15 Nov 2013 @ 7:06am

I would like to know just how exactly did these boobs get jobs without the Federal government. Let's see. The NSA violates our privacy by collecting the data on every American. That, in itself, is a violation of our privacy.

Now, the government is saying that handing the control over to private companies to act as watchdogs would violate our privacy and that we're safer with the government in control?

If THAT isn't an oxymoron, then I don't know what is. But, then again, the morons in charge are oxyMORONS.
[ link to this | view in chronology ]
- Anonymous Coward, 15 Nov 2013 @ 7:13am
  
  Re:
  The private companies have our data already. It's a non-argument.
  [ link to this | view in chronology ]
- Anonymous Coward, 15 Nov 2013 @ 7:30am
  
  Re:
  The "Intelligence" agencies stole them from legitimate people, clearly.
  [ link to this | view in chronology ]
avideogameplayer, 15 Nov 2013 @ 7:31am

Calling someone an intelligence lawyer is like saying Prenda law isn't a copyright trolling operation...
[ link to this | view in chronology ]
ahow628 (profile), 15 Nov 2013 @ 7:32am

NSA: Privacy watchdog...
But the intelligence lawyers warned that Americans' would be subject to even greater privacy incursions if their personal information were stripped from NSA's control.

Wait! Is the NSA really trying to say that without them snooping in your data that Google or MS or whoever would be violating my privacy? And that the NSA is the key to Google or MS or whoever NOT violating my privacy?

Head asplode!
[ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2013 @ 7:42am

"In short, storing metadata at a neutral site would somehow result in more privacy violations than it would in the [LOL] careful stewardship of the NSA."

Careful there. I think the word you're looking for is "private" vs "public". I'm not sure I'd consider telcos or ISPs "neutral" as they are still out to make a buck off you and looking out for their interests more than yours.

The concept is correct though. Telcos and ISPs are "powerless" when compared to what the government has as far as authority over you. They can't send the SWAT (for the most part...), send you to jail, or fine you from merely searching through your information. They can't build cases against you based on your full history like the government can. Hence the difference the NSA can't seem to wrap their "android" heads around.
[ link to this | view in chronology ]
Not an Electronic Rodent (profile), 15 Nov 2013 @ 8:27am

I's quantum, innit?
Litt must be an adherent of the Rogers Theorem, which states that privacy violations don't actually occur until they're noticed.
One surmises that both Litt and Rogers probably have cats, though at the same time they probably don't...
[ link to this | view in chronology ]
- Joe Dirt, 15 Nov 2013 @ 9:30am
  
  Re: I's quantum, innit?
  Schr�dinger's Privacy?
  [ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2013 @ 9:44am

You have all the privacy you can handle till suddenly you notice you don't have any privacy. At that point, you are a terrorist threatening the spice flow and no longer eligible for legal rights.

That makes perfect sense if you are a spying agency. Makes no sense if you are not.
[ link to this | view in chronology ]
John Fenderson (profile), 15 Nov 2013 @ 10:12am

It's all a grand distraction
This entire debate is a distraction from the main point: this data should be getting amassed in the first place. Once we start arguing about how to best manage the data, we've already lost.
[ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2013 @ 10:30am

I don't voluntarily share my data with cell phone service providers. I have no choice, but to share my data because they log everything I do.

Especially AT&T, who we recently found out keeps a 30+ year old log file on all their customers!

What we really need, is legislation preventing companies from keeping logs older than 3 years, on customer information.

If course that will probably never happen, so what we we'll probably end up with is new communication technology, such as SIP VOIP, which bypasses telco logs and allows for privacy.

The only real choice people have, is do I want a cell phone or not? If the answer is yes we want a cellphone. Then we have no choice but to share our data with the telcos, because last I checked there's no opting-out of telco log files.

Even if there was such an opt-out, I wouldn't trust the telcos to actually honor it. In fact, I bet there's federal laws requiring telcos to keep such logs for a minimum time period.

"Choose" to share our data, my ass!
[ link to this | view in chronology ]
- John Fenderson (profile), 15 Nov 2013 @ 11:45am
  
  Re:
  What we really need, is legislation preventing companies from keeping logs older than 3 years, on customer information.
  
  I agree, except for the 3 year part. I would prefer companies be required to delete customer information once the primary purpose for having the information has passed.
  
  For call log data, for example, this would be once the call is completed or once the next bill is sent (depending on how you pay for your calls).
  
  Even more importantly, though, I would like to see legislation making it clear that data about you & I is actually owned by you & I and not the companies who have gathered it.
  [ link to this | view in chronology ]
Anonymous, 15 Nov 2013 @ 3:14pm

Private parties are less likely to send an armed goon squad to your house or kill you with a drone.
[ link to this | view in chronology ]