Declassified Opinion Shows The NSA Exploited Pen Register Statutes To Collect Internet Metadata On Millions Of Americans

from the the-box-has-no-edges... dept

The Office of the Director of National Intelligence has just released a very large set of declassified documents, covering a variety of topics. (Just a friendly reminder: these documents are being released because of a court order, not because the ODNI loves transparency, no matter how it's phrased at I CON THE RECORD.) Of particular interest is one that appears to be the original court opinion that gave the NSA permission to collect bulk internet metadata on Americans, better known as the Stellar Wind program, which ran for a decade before being shut down in 2011.

Orin Kerr, writing for (watch your step) the Lawfare blog, breaks down the questionable arguments the government presented and the leaps the presiding judge (Colleen Kollar-Kotelly) made to grant this request.

To begin with, the government presents this collection as nothing more than a modern-day pen register. As Kerr explains, the privacy bar for pen registers is set incredibly low.

The federal pen register authorities use a mere certification standard. Under the national security version of the pen register statute, the FISC is required to approve an application for pen register surveillance whenever the Attorney General (or an attorney he designates) certifies under oath “that the information likely to be obtained” from the monitoring “is relevant to an ongoing investigation to protect against international terrorism or clandestine intelligence activities,” 50 U.S.C. 1842(c)(2). As long as the government has issued its certification, and the judge concludes that the government’s application falls within the statute, “the judge shall enter an ex parte order.” 50 U.S.C. 1842(d)(1). The government doesn’t have to say why it thinks the standard has been satisfied; it just certifies under oath that it does. And the judge has no authority to look behind the government’s assertion to see if its factual basis is strong, weak, or completely absurd. See generally In re Application of the United States, 846 F.Supp. 1555 (M.D. Fla. 1994). The judge’s only role is making sure the government checked the box and made the required certification under oath.
There's a reason why the bar is set so low. It's inherently limited.
The pen register authority permits monitoring of a suspect’s non-content metadata unprotected by the Fourth Amendment for a window of time, investigative steps outside the Fourth Amendment than are akin to tailing a suspect in public or obtaining a mail cover to monitor the outside of their mail.
So, all a judge is looking for is a box ticked by a US Attorney. If that's present, then the pen register collection can proceed. But this is a surveillance method that is targeted at one particular suspect. It's not used to collect data on multiple persons at one time. Certainly multiple pen registers can be obtained in order to collect multiple sets of metadata, but each request is singular. Or was, until the NSA decided to extrapolate the singular pen register into a bulk collections program.
[I]t wanted an order forcing a provider to record and disclose Internet metadata in real time on an ongoing basis for potentially tens of millions of customers, all with a single order obtained with no judicial review based on a mere certification by the Attorney General.
The government took this low bar and convinced a judge that there was technically no difference between collecting metadata on ONE person and collecting metadata on millions. It wasn't just the government doing the rhetorical legwork. Kerr points out that the presiding judge ignored several statutory clues within the pen register law that indicated it was never meant to be used for bulk, untargeted collections.
The statute authorizes the judge to issue an order requiring the installation of “a” pen register to monitor “the person who is the subject of the investigation.” 50 U.S.C. 1842(d)(1)-(2). This is written in the singular, suggesting that each pen register requires a subject.
Furthermore, she buys into the government's arguments that the ends justify the means.
She then concludes that the bulk collection is reasonable in a Fourth Amendment sense — not that the Fourth Amendment applies, as this is just metadata, but rather in the policy sense that the program represents a sensible balance between security and privacy along the lines of that required under Fourth Amendment reasonableness precedents. The application is thus granted because, all things considered, the program does seem to be a pretty good way to find terrorists. See pages 49-54.
This argument has been used more than once by the government to defend the NSA's collections. The government extrapolates from the fact that if something isn't a violation of civil liberties for one person (i.e., bulk records collections) than it's not a violation when the program collects records on millions. The courts have backed this up: rights do not spring into existence ex nihilo.

The government used this argument to address Basaaly Moalin's claims that records obtained under the Section 215 program violated his constitutional rights. In the most basic terms, it claimed that if an intelligence (or law enforcement) agency can surveil one person without violating their Fourth Amendment rights (using bulk records, etc.), it can do it to everyone. (Perversely, it then spins around and claims this is why no one has standing to sue the government over these untargeted collections.)

So, the expansion of the previously targeted pen register program into a bulk internet metadata collection relied on the same basic argument. Even if the statute is written in a way that specifies singular targeting, the government would argue that the statute is equally applicable to collecting data on millions of people -- all of it needing no more authority than a signature of a United States Attorney.

All things considered, it's rather surprising the Stellar Wind program was shut down. The NSA certainly has shown no desire to eliminate a program, even if it produces large amounts of nearly-useless data. More than likely, the program was just supplanted by a better dragnet. Right about the time Stellar Wind shut down, a rules change to the Section 702 collections program gave the NSA "permission" (via a new loophole) to target Americans directly.

Also of note: while there's no date on this document (redacted, of course), the internal citations [Lamie V. United States Trustee, 124 S. Ct. 1023, 1030 (2004), p. 7; Engine Mfrs. Ass'n v. South Coast Air Quality Mqmt. Dist., 124 S. Ct. 1756, 1761 (2004), p. 14] suggest this opinion was the end result of another post facto search for permission by the NSA. The program supposedly began in 2001, but the court doesn't actually address the collection until 2004, at the earliest. This may be the point that the NSA first sought to collect metadata on Americans, with all previous collections being foreign only — but without further documentation (and factoring in the agency's tendency to collect first, seek approval later), there's no way to tell if the NSA was collecting internet metadata without even the barest minimum of legal approval previous to this opinion.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: colleen kollar-kotelly, email, fisa court, fisc, internet, metadata, pen register


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 19 Nov 2013 @ 10:26am

    Mosaic theory

    Yesterday's article, regarding the FBI's fears of the FOIA master getting too many puzzle pieces, seems applicable.

    Invoking a legal strategy that had its heyday during the Bush administration, the FBI claims that Shapiro's multitudinous requests, taken together, constitute a "mosaic" of information whose release could "significantly and irreparably damage national security" and would have "significant deleterious effects" on the bureau's "ongoing efforts to investigate and combat domestic terrorism." So-called mosaic theory has been used in the past to stop the release of specific documents

    In that case, the FBI is saying that it's right to secrecy springs up ex-nihilo because of the bigger view of the puzzle the information gatherer is getting. I think the same higher scrutiny should apply to these bulk collections. There is more information that the NSA is obtaining by having the ability to connect all the metadata, than what each each individual piece provides. That should result in higher court scrutiny than what is provided for an individual pen register.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Nov 2013 @ 10:26am

    When did America become Starship Troopers in real life?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Nov 2013 @ 10:30am

    "The application is thus granted because, all things considered, the program does seem to be a pretty good way to find terrorists."

    This is hwo you know FISC isn't a court. It's trying to help the government rather than weighing the risks or means of the implementation.

    This isn't a court, a case, or a decision being made by a judge, it's a rubber stamp even if the FISC court doesn't want to admit it is.

    Also:
    "The courts have backed this up: rights do not spring into existence ex nihilo."

    This may have made sense before computers, social media, and the digital age in general, but it probably should be reviewed again. Still the real difference is the "targeting" portion. You can target a person or a (small/limited) group of people, but it becomes a dragnet/surveillance when you're just gathering data because you can. That's the difference and where the invasion of rights takes place.

    link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    out_of_the_blue, 19 Nov 2013 @ 10:52am

    And that's why information held by corporations should be strictly regulated.

    Including your precious Google.

    Lawyers can always argue their way to any conclusion because never include human decency or morality in their "opinion". Lawyers are as close to sharks and killer robots as is possible for human-shaped flesh and blood to be.

    Lawyers created legal fictions called corporations precisely so that criminal acts can be done without personal responsibility, only money fines.

    Every bit of info the legal fictions called corporations hold, gov't will end up with -- and it's actually very little use for any honest purpose of gov't, but IS of high value to the police state -- and rest of time the corporations will only use it to annoy and control people. So why would anyone want to forego controlling corporations from collecting info in the first place? -- The world worked just fine before computers made possible such collecting and collating. -- And while dolts who wish to could always opt-in for perceived advantages, the problem is that there's no way for anyone to opt-out: at best one is shut out of ordinary commerce; at worst, won't be long before gov't can with one click literally make anyone an "unperson" as in "1984", cut off from all banking and literally not able to even buy food.

    Collection of data on persons is just the first step to actual control, a high-tech police state that doesn't even need to use machine guns, will just let dissidents starve.

    And the mega-corporations are not just going along with the technocracy but driving.

    link to this | view in chronology ]

    • icon
      Gwiz (profile), 19 Nov 2013 @ 11:04am

      Re: And that's why information held by corporations should be strictly regulated.

      ...won't be long before gov't can with one click literally make anyone an "unperson" as in "1984", cut off from all banking and literally not able to even buy food.


      Well, that's one vision of the future. While I tend to agree that the gradual replacement of legal tender (ie: folding money) with electronic transactions is problematic in regards to privacy and control issues, I don't believe it will ever reach such doomsday proportions that you are projecting here. Humans have bartered amongst each other for goods and services since the dawn of time and nothing will ever truly replace that.

      link to this | view in chronology ]

  • icon
    Violated (profile), 19 Nov 2013 @ 11:48am

    Proof these FISA Judges are morons.

    To spy on one person makes them a suspect. To spy on everyone makes the whole population a suspect even if there has been prior indication of wrongdoing.

    They seem to have forget the aspect of "targeted" where that range should always be set as very narrow. So indeed a violation of the US Bill of Rights.

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 19 Nov 2013 @ 1:01pm

      Re:

      I don't think they're morons at all. I think they're malicious.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 19 Nov 2013 @ 1:50pm

        Re: Re:

        No they are malicious morons. They are morons because the logic they use to try to justify it is so transparently flawed that it becomes obvious what morons they are.

        link to this | view in chronology ]

        • icon
          John Fenderson (profile), 19 Nov 2013 @ 2:08pm

          Re: Re: Re:

          I disagree. I mean, yes, their arguments are flawed, but I think that they know that. It's just not possible to come up with arguments that aren't flawed while still reaching the conclusion they want to reach.

          They aren't morons, they're counting on the rest of us being morons.

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 19 Nov 2013 @ 2:10pm

          Re: Re: Re:

          They're maliciously criminal.

          link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 Nov 2013 @ 2:07pm

      Re:

      The range is set narrow, very narrow. They only spy on people from the planet Earth!

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Nov 2013 @ 12:22pm

    and still Congress doesn't do anything to stop it from continuing now or in the future. there has been plenty of posturing but only one actual attempt to curtail the practices and that was booted into touch! what the hell is the point of continually moaning about something, having the opportunity of changing things for good and then turning backs to it? typical politician attitude of 'we'll keep taking the money but as soon as there is a up front vote needed, we'll just step back and let things wash over us! nothing short of cowardly really!!

    link to this | view in chronology ]

  • identicon
    Crooked judge, 19 Nov 2013 @ 1:50pm

    Surprise a crooked US judge

    Is it any surprise that a crooked US judge would rubberstamp the request? They were purposely put in place specifically because they would rubberstamp anything put in front of them. The judge should be fired for incompetence and for being involved in a conspiracy to break the laws of the constitution.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.