Appeals Court Revives Wikimedia's Lawsuit Against The NSA
from the doesn't-'collect-it-all'-mean-'collect-it-all?' dept
Back in 2015, Wikimedia's lawsuit against the NSA -- filed with several other plaintiffs and with the help of the ACLU -- was tossed out by the district court. Wikimedia argued it was illegally the subject of NSA upstream surveillance, thanks to the nature of this Section 702 collection. Wikimedia's reach is global, making it highly likely the NSA was gathering its content and communications while snagging data off internet backbones.
To further demonstrate the probability of this happening, Wikipedia submitted leaked Snowden documents, including an NSA presentation slide that contained Wikimedia's logo.
>
No dice. The district court said Wikimedia had no standing to pursue these claims, even with the unexpected buttress of leaked NSA documents. The court went even further, disabusing Wikipedia of its "99.9999999999% certainty" notion that the NSA had illegally harvested at least one of its trillions of internet transactions. In all, it was a very ugly day for Wikimedia and its lawsuit.
Fortunately, for Wikimedia, its lawsuit has been revived on appeal. The Fourth Circuit Appeals Court is far more amenable to Wikimedia's claims, finding them to be more credible than the lower court determined. From the opinion [PDF]:
[A]t least at this stage of the litigation, Wikimedia has standing to sue for a violation of the Fourth Amendment. And, because Wikimedia has self-censored its speech and sometimes forgone electronic communications in response to Upstream surveillance, it also has standing to sue for a violation of the First Amendment.
The court doesn't necessarily treat all of Wikimedia's allegations as true, but finds it has handed over enough background evidence to give it standing to pursue its First and Fourth Amendment claims.
But this revival is limited to Wikimedia and only some of its claims. The seven other plaintiffs aren't invited to the next district court round. A lack of produced evidence appears to have killed off the "dragnet" claims raised by the plaintiffs (which includes Wikimedia). The other defendants have a much smaller web footprint, making it less plausible their communications were subjected to upstream collection by the NSA. The only way those claims would be plausible is if the court found the "dragnet" assertions plausible… which it doesn't.
The Dragnet and Wikimedia Allegations share much in common. Because each alleges the same particularized and ongoing cognizable injuries, our analysis of the injury-in-fact, traceability, and redressability elements of Article III standing with respect to the Wikimedia Allegation also applies here. But there’s a key difference in the scope of the two allegations. In the Dragnet Allegation, Plaintiffs must plausibly establish that the NSA is intercepting “substantially all” text-based communications entering and leaving the United States, whereas it’s sufficient for purposes of the Wikimedia Allegation to show that the NSA is conducting Upstream surveillance on a single backbone link. Because Plaintiffs don’t assert enough facts about Upstream’s operational scope to plausibly allege a dragnet, they have no Article III standing.
The difference between the two claims is one of numbers. Wikimedia only had to show its traffic traveled across enough internet backbones to plausibly claim harvesting from any one of them would result in interception of its communications. The "dragnet" argument claims the NSA is harvesting almost everything that travels across multiple backbones. The majority finds this assertion unlikely. The dissent, however, says the same arguments Wikimedia put forth to demonstrate the probability of illegally-intercepted communications lend credence to the "dragnet" argument simply because that's how internet traffic works.
Plaintiffs have plausibly alleged that the NSA surveils most backbone links because — based on the technical rules governing internet communications — the agency cannot know which link the communications it targets will traverse when they enter or leave the United States. The path that packets take along the internet backbone is determined dynamically based on unpredictable conditions. Thus, a communication sent by a surveillance target can enter the United States through one backbone link, but an immediate response returned to the surveillance target can traverse a different backbone link. Similarly, communications sent by a surveillance target at different times or locations can traverse different backbone links. Given this technical limitation, the government’s disclosure that the NSA seeks to “comprehensively acquire communications that are sent to or from its targets,” J.A. 49, renders Plaintiffs’ allegation plausible. If the NSA cannot know which backbone link its targets’ internet communications will traverse, then the only way it can comprehensively acquire its targets’ communications is by surveilling virtually every backbone link.
It's a good point but it's not enough to save the rest of the plaintiffs, which include the National Association of Criminal Defense Lawyers, Human Rights Watch, and Amnesty International. Perhaps a further examination of Wikimedia's arguments by the lower court will aid these plaintiffs in their future legal endeavors.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 4th circuit, nsa, section 702, standing, surveillance, upstream collection
Companies: wikimedia
Reader Comments
Subscribe: RSS
View by: Time | Thread
NSA competence
Ah, the fourth. The issue is the definition of "seizure". For they are not seizing, they are copying! c.f. Utah data center.
I suggest a copyright infringement charge x 10^100000 ;)
[ link to this | view in chronology ]
Beyond stupid
[ link to this | view in chronology ]
Defining “dragnet”
The court agrees that Wikimedia is likely to have been surveilled—as the post notes—due to the sheer volume of Wikimedia traffic. This admits implicitly that NSA performed/performs mass data collection, as any Internet service of similar scale could make the same claim.
But the court performs the following dance to avoid an uncomfortable term:
As the dissent seems to notice, this is splitting a hair very finely. The providers of a service successfully argue that it has been snooped on the basis of traffic volume alone, and the court admits that the NSA surveils “most” backbones. Either the judge has a poor understanding of the volume of data that can be collected from a backbone, or he/she has an unusual definition of “dragnet”.
[ link to this | view in chronology ]
crooked judge
... the 3rd & correct conclusion is that this judge is acting maliciously and illegally in refusing to uphold the 4th Amendment.
This judge (and all judges) are hired employees of the government and work in formal departments of the government.
They primarily represent the interests of their employer (the government), especially in direct disputes of private citizens/organizations against "government" agencies.
Blind trust in government judges & courts is a major error that effectively shields vast amounts of government malfeasance. But most Americans are brainwashed into implicit trust of all courts/judges
[ link to this | view in chronology ]
https???
Umm, don't most sites use httpS now?
[ link to this | view in chronology ]
Re: https???
Wikipedia will redirect to https now, but according to the NSA's slide it used to be http. Their https setup was weird for a long time; you had to go through a different domain, I think wikimedia.org, so very few people would have been doing it (probably just "HTTPS anywhere" users).
[ link to this | view in chronology ]
Re: https???
[ link to this | view in chronology ]
Re: Re: https???
[ link to this | view in chronology ]
Tor?
What then? Not "going dark" but "all black" (and thus a concerted attack on Tor).
Tensions, tensions.
[ link to this | view in chronology ]