James Clapper's Latest Section 215 Doc Release Shows NSA Behavior, Redaction Skills Both Questionable
from the unofficial-doc-releases-still-preferable,-easier-to-read dept
The ODNI released another batch of Section 215 court orders on Friday, and as usual, it was prefaced with the same statement by James Clapper that obfuscates the fact that these document releases were compelled by an EFF lawsuit.
These releases reflect the Executive Branch’s continuing commitment to make information about the implementation of Sections 501 and 702 publicly available when appropriate, while ensuring the protection of the national security of the United States.I'm not entirely sure the Executive Branch's "commitment" is any less compelled than the ODNI's document releases. Obama has said he "welcomes the debate" on national security, but it's a bit like "welcoming" someone who has kicked in your door and made himself comfortable on your couch. It's more "confrontation" than "conversation."
Either way, there's not a ton of surprising stuff in these documents, thanks to the release of an unredacted court order by The Guardian back in June of last year. The verbiage has morphed over the last several years (the docs released date back to 2006 -- the point at which the collection was "authorized") with the greatest changes occurring after Judge Walton nearly shut the program down (for "systemic abuse" of the collection since its inception three years earlier) in March of 2009.
Here's what's worth noting from the latest ODNI document dump.
A footnote that appears in many of the orders gives us some idea how many numbers have made their way back to the FBI since the program's inception. The earliest order released (dated 8-18-06) states this:
The Court understands that NSA expects that it will continue to provide on average approximately two telephone numbers per day to the FBI.Three months later (11-13-06), the number of "tips" increases:
The Court understands that NSA expects that it will continue to provide on average approximately three telephone numbers per day to the FBI.There may be several redundancies in the NSA's tipped numbers (presumably the NSA doesn't concern itself with ensuring it hasn't tipped a number before) but the raw numbers indicate the FBI is receiving 1,095 tips per year, per telco. It's by no means a massive number compared to the entire collection, but it's still a lot of numbers for the nation's second largest national security agency to investigate.
The next point of interest appears in an amendment to a 2007 order, this one signed by Judge Kollar-Kotelly. Whatever the NSA was searching its collection for apparently didn't fall within the normal "counterterrorism" confines. The text is very heavily redacted, but the words remaining around the edges suggest a non-national security target.
3. The results of each such query shall be segregated to the extent feasible until BR 07-10 expires or [xxxxxxxxxx] whichever comes first.[The text doesn't show the lengths of the redacted areas, so this screencap might be a little more relevant.]
4. Upon the conclusion of [xxxxxxxxx] or at the time of the renewal application, whichever comes first, NSA shall submit a written report to the Court stating why the results of any query conducted pursuant to this Motion should not be destroyed.
5. This amendment is strictly limited to allowing queries of the metadata [xxxxxxxxx] and does not apply to queries for the purpose of [xxxxxxxxx].
As of January 2008, querying the metadata database was restricted to approval by "one of eight people." But by the following order (04-03-08), this number had mysteriously swelled to twenty-three. There's no documentation or explanation given for the expanded roster of query-approval personnel on what is basically the renewal of the previous court order. (This one is signed by a different judge, however.) This may be just be one example of the "systemic abuse" called out by Judge Walton in his near-dismantling of the program -- a tripling of query approvers for a database whose access was supposed to be very strictly controlled.
What is likely Judge Walton's first court order since his February 2008 order temporarily halting the NSA's bulk records collection notes that approvals to search the database will only be approved on a case-by-case basis until further notice. Unfortunately, this order also gives the agency a convenient way to avoid having to seek the court's prior approval.
[I]f the government determines that immediate querying of the BR metadata through contact chaining [xxxxxxxxxxxxxxx] is necessary to protect against an imminent threat to human life, the government may query the BR metadata for such purpose. In each such. case falling under this latter category, the government shall notify the Court of the access, in writing, no later than 5:00 Eastern Time on the next business day after such access.Walton's court order dated Feb. 26, 2010 contains a number of new additions not seen in previous orders. Most notably, it details the NSA's (compelled) decision to fix its software to limit the number of "hops" an analyst could take during contact chaining.
In addition, the Court understands from the Declaration of Lieutenant General Keith B. Alexander, Director of NSA (Ex. A to the Report of the United States filed in docket number BR on August 17,2009) that NSA has made a number of technical modifications that will prohibit a) from inadvertently accessing the BR metadata in [xxxxxxx]; b) from querying the BR metadata in [xxxxxxx] with non-RAS-approved identifiers; and c) from going beyond three "hops" from an identifier used to query the BR metadata in [xxxxxxx].How many "hops" did NSA analysts (this same order notes there are 125 analysts* approved to search the BR database) take before this implementation? Three years down the road from the program's beginning, the NSA is finally forced to admit it has a problem (well, several actually) and implemented the sort of software-based restrictions it should have had in place in 2006.
* This number seems to have been redacted needlessly in the renewal of the February court order.
It also notes the administration will be given access to BR data in order to "determine whether the information contains exculpatory or impeachment information or is otherwise discoverable in legal proceedings." The follow-up question (which still has no real answer) is what does the Executive Branch do with this info? Does it get buried? Is it barred from being admitted as evidence because it would "damage national security," even though it could spring an innocent person? From what we've seen in previous cases, it appears as though the government is more willing to imprison someone than allow surveillance data to be admitted as evidence.
Also of note is this particular redaction, the length of which indicates this order is aimed at AT&T. (Gotta love monospaced fonts.)
This isn't the only document in which the NSA exposes something inadvertently. A January 2011 court order duly redacts anything worth noting, including the recipient of the order, right up until page 4, where this slips through.
Finally, two supplemental orders from 2011 indicate the NSA was also gathering credit card information along with the rest of the metadata, possibly inadvertently. Both contain the following paragraph.
It is hereby ORDERED that such reports, in addition to the elements described in Paragraph shall include a discussion of NSA's consideration and, to the extent feasible, implementation of methods of purging the credit card information produced by [xxxxxxx] and described in letters submitted by the government on March 1, 2011, and April 13, 2011, in Docket Nos. BR 10-49 and BR 10-70.Note the time difference between the letters from the government and the orders to which they refer. Both BR collections were authorized by court orders in 2010 (10-49 was signed 08-04-10 and 10-70 on 10-29-10). At the very least, the NSA was sweeping up credit card info for nearly six months before it was pointed out.
What these documents show is that the NSA does have several layers of accountability and oversight, much of which has been in place since the inception of the Section 215 program. Unfortunately, most of these controls are internal, making the word "oversight" rather meaningless. As Walton discovered before issuing his order halting the program, any oversight outside of the agency had to rely on the NSA's portrayal of its activities, something that was rarely accurate.
And there's reason to believe that much of what was implemented as a result of Walton's court order has been less than rigorously enforced over the last few years. The orders following this pivotal point ran 10-13 pages and were loaded with restrictions and reporting requirements. The order leaked by Snowden from April 2013 runs only 4 pages and limits disclosure of the data, but very little else. The extensive reporting requirements implemented in 2009, as well as the stipulations restricting the number of people authorized to give query approval, are no longer present. Given what happened during the first three years of the program, this lack of mandated controls doesn't exactly inspire confidence that abuses aren't ongoing.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bulk collection, fisc, james clapper, metadata, odni, section 215
Reader Comments
Subscribe: RSS
View by: Time | Thread
To make matters worse the external oversight that could be applied (by the Congress mainly) is simply ignored by those who can do it or it's in the hands of morons that think everything is fine if u leave things to the NSA collective.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Too Detailed Yet Too Vague; Didn't Read
Without futher comment, here's a more interesting piece:
Beyond the NSA: What About Big Data Abuse by Corporations, Politicians?
http://rinf.com/alt-news/latest-news/beyond-nsa-big-data-abuse-corporations-politicians/
Google's tailoring to YOU can selectively substitute, omit, and lie. You can't trust anything on the net, neither what you see nor what you don't see!
02:02:14[c-5-5]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
irony
The key word for the NSA is "needless." They needlessly gather way more data than they could ever hope to analyze, then needlessly keep secrets that don't really need to be kept. And if those secrets weren't needless they wouldn't redacted them in one place and leave them uncensored elsewhere.
[ link to this | view in chronology ]
And they say metadata doesn't tell you much.
[ link to this | view in chronology ]
Conversation vs confrontration
[ link to this | view in chronology ]
Re: Conversation vs confrontration
[ link to this | view in chronology ]
USA Update
I hope you don't mind me posting comments here Mike, but in my own country of USA, I may be shot for daring to speak.
Democracy is hard here in the US. The military industrial complex seized power in 2014, stuffed the Senate with its own people, ejected the elected leader from the country and created a fake 'Electoral Commission' and 'Constitutional Court' to ensure it keeps power.
The media is owned by associates of the military machine. They pretend to be independent, but only the occasional critical remark is permitted, to give the fake gloss of balance.
The elected leader was demonized, they refer to him as the 'fugitive in dubai' and astroturf and propaganda screens blurt out messages of hate for 'dubai fugitives latest crimes'. No proof of these crimes ever comes forward, but they served their soundbite purpose.
Fake elections and counter protests have followed over the years, usually resulting in a giant massacre of democracy protestors. They blame these on the 'dubai fugitive', they claim he sent black-uniformed-terrorists to our country to kill us to make the military government look bad. But we know it was the military government itself. They don their black uniforms, kill us, then pretend its someone else.
Like a plot from a cheap novella, they will catch these black shirts burning down a village, but the village is a few straw huts in a field that nobody has ever stepped in. They are lazy, they think we are stupid.
The military wants to hold power, but the people rebel, so the military keeps power by controlling the agencies of state instead. When an elected leader gets out of hand, the military controlled 'National Anti Corruption Council' finds them guilty of 'failing to stop corruption' and bars them from power, banning their party.
They reform, under a new name with new people and we vote for them. Using colors to keep track as they change their names and faces, 'red-pants' as we call them for their distinctive red colored pants. Vote 'red-pants'!
The latest red-pants elected government was evicted when a corrupt military front man from the South of the country crawled his way up with a rent-a-mob and demanded our Prime Minister resign and alluded to all sorts of special authority. Authority normally attributed to the dark power of the military machine.
How do we know he has that authority? Because the military didn't shoot him. Surely someone claiming to speak for them would quickly be shot.
And when he demanded she step down or be kidnapped, surely she would step down, afraid of the military. And when his doctor friend says he will surgically operate on her genitals, surely that dehumanizing sexual threat will make her resign.
He made the demand, but there was something different this time. Our leader, she said no, she called elections but she did not resign and did not hand him power. No means no.
The military propaganda machine is in full swing. "She is corrupt" they say, but they are corrupt. "We are the people" they say, but they are the military. "She is anti-democratic", but they are the dictators.
This man wants to install 400 of his military cronies into power, but the people dare to ask him 'who'. And he can't name them. Then he says he will 'reform the corrupt government', and the people ask 'how', and he doesn't know how. It's as if he just expected to be handed power and didn't think the next step. How dare we ask him questions!
So then the people ask 'why' and it's clear the army is afraid. How can they shoot people just for asking why power should be handed to this idiot?
The military needs us, we feed them, we cloth them, their people are us! So without us, there is no them! They can't just take power, because we'll stop working.
Instead they fake disasters so they can be a savior. They create imaginary bad guys so they can battle them.
Bombs have started going off. The military protestors are the target, yet their leader is not afraid, he is defiant! He will stand against these Dubai black uniformed terrorists trying to kill his people.
And those people show each other videos, and pictures, the bombers are soldiers, military men, the very guards of the leader they follow! They are being killed so the propaganda machine can paint him as savior!
The Electoral Commission has secretly already agreed it will cancel elections if there is too much democracy in the result. None of us know whether we'll be shot tomorrow for daring to think for a second that we can vote.
I hope your country Mike, doesn't become like our country. It's very important to keep the bodies of government within the control of the democracy. If you let a feudal power take control of those bodies, then with it you lose the democracy itself.
[ link to this | view in chronology ]
How the mighty have fallen...
*Apparently that word is spelled wrong, and it's supposed to be 'Utopian' according to spellcheck, looks like the AC's government issued, double-good 'spellchecker' traveled back with him to 'correct' my spelling mistake.
[ link to this | view in chronology ]
Re: How the mighty have fallen...
Surely we must cast our eyes to the far right of the Y axis:
https://books.google.com/ngrams/graph?content=whistleblower&year_start=1800&year_end=20 08&corpus=15&smoothing=3&share=&direct_url=t1%3B%2Cwhistleblower%3B%2Cc0
?
[ link to this | view in chronology ]
Re: Re: How the mighty have fallen...
[ link to this | view in chronology ]
Re: Re: How the mighty have fallen...
[ link to this | view in chronology ]
Re: Re: Re: How the mighty have fallen...
[ link to this | view in chronology ]
Wait...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]