2008 FISA Transcript Shows NSA Already Knew It Might Have An Incidental Collection Problem

from the where-'about'-means-'how-about-we-just-collect-it-all?' dept

The ODNI has released several documents in response to FOIA lawsuits (EFF, ACLU). The EFF scored 18 of these (handy zip link here) and the ACLU seven. The ACLU's batch has proven more interesting (at least initially). One document it obtained shows a tech company challenged a Section 702 surveillance order in 2014. The challenge was shut down by the FISA court, but with the exception of Yahoo's short-lived defiance, we haven't seen any other evidence of ISP resistance to internet dragnet orders.

Included in the ACLU's batch is a 2008 FISA Court transcript [PDF] that's particularly relevant to the NSA's voluntary shutdown of its "about" collection. In it, the NSA discusses its filtering and oversight procedures, which were already problematic nearly a decade ago.

There are some really interesting tidbits to be gleaned from the often heavily-redacted proceedings, including this statement, which makes it clear the NSA engaged in wholly-domestic surveillance prior to the FISA Amendments Act.

THE COURT: All right. Well, what about the non-U.S. person status, which of course is new under the FISA Amendments Act? Are you going to be changing anything in terms of focusing on that?

[REDACTED GOV'T RESPONDENT]: We already sort of do with respect to the U.S. person status is so intertwined with the location of the target [REDACTED] to the extent that in the past NSA.would actually affirmatively identify targeted U.S. persons to us on the sheets, because one of the additional fields that they put in the sheets is basically a blurb, an explanation and a description of the target.

Clearly, we're not allowed to target US persons anymore, so I don't anticipate seeing any such descriptions on the sheets. But again, since the status of the person, the determination of how that is made is so intertwined with the same information upon which NSA relies to make a foreignness determination, that it would be hard for us not to identify such information as we're conducting the reviews.

Which, of course, means the NSA was allowed to target US persons and their communications previously, contradicting statements made by US officials, including President George W. Bush and Vice President Dick Cheney.

It's stated earlier in the transcript that the NSA does a few things to help minimize examination of US persons' communications. But they're not great. The NSA runs spot checks on analysts' transactions, deploys filters, and relies on self-reporting to guard against Fourth Amendment violations. It sounds like quite a bit, but the details show it's not nearly enough. To start with, the filters meant to filter out US persons' communications don't work.

COURT: The NSA minimization procedures, you're stating, 'contain a provision for allowing retention of information because of limitations on NSA's ability to filter communications.' My question I had was is the filter discussed in targeting the same filtering. I just wanted to understand that, and apparently it is. [The rest of the court's question is redacted.]

GOV'T: I think the inclusion of that provision in the minimization procedures was intended to be prophylactic in the event that the filters don't necessarily work, and NSA has represented that it's been their experience with the filters and [redacted] this provision basically captures instances where the filters may not work in every instance.

And there's a good reason why they won't work "in every instance." Further unredacted discussion reveals the NSA partially relies on an IP address blacklist to filter out US persons' communications. This is better than nothing, but still a long way from being a strong positive indicator of a target's (or incidental target's) location.

The court then asks about the limitations of the filters and… we get several fully-redacted pages as an answer.

The court also asks about the "about" collection -- where targets are discussed but the communications do not directly involve NSA targets.The judge wants to know how often this is being used rather than the more-targeted "to/from" collection and how often it results in incidental collection. Unsurprisingly, the government can't say how often this happens. This is because the NSA saw no reason to track these searches.

GOV'T: As far as the percentage number, we don't have a number for that, because as I mentioned earlier, when we [redacted] we find to's and froms and [redacted] so we don't categorize those separately to be able to count those communications as abouts.

The court then asks why it's not possible to limit the collection to to's and froms. The government's response is that collecting it all just works better for the NSA, even though it apparently possesses the technical ability to keep these collections separate.

It is technically feasible. The problem with doing so is if you end up discarding a number of communications that are truly to-froms that you should be able to collect but [redacted]...

So by trying to limit us to no abouts, then we end up cutting out those kind of communications as well, truly to-froms. So it would be -- we're not surgical enough to take that out of the equation without impacting our ability to do to-froms effectively.

And later in the discussion, there's a bit of a bombshell about the "about" collection. The NSA shut it down because it couldn't find a way to prevent incidental collection of US persons' communications. In this transcript, the government points out incidental collection is just as likely with to-from targeting.

COURT: Is it more or less likely to pick up U.S.-person information in an about than a to or from?

MR. OLSEN: I don't know the answer in practice. At least from my perspective in theory, I wouldn't see why it would be more likely than a targeted to or from collection where the target's outside the United States where there's a similar possibility that that target would be in communication with someone in the United States, with a U.S. person in the United States.

If this is true, the elimination of the "about" collection doesn't do much to curtail incidental collection. And almost a decade ago, the NSA was already making it "impossible" to comply with Congressional requests for incidental collection numbers by refusing to separate its collections, even with the FISA Court raising questions about its Fourth Amendment implications.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 702, domestic surveillance, foia, incidental collection, nsa, section 702, surveillance


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    stine, 16 Jun 2017 @ 5:13am

    you're kind of naive

    > Which, of course, means the NSA was allowed to target US persons and their communications previously, contradicting statements made by US officials, including President George W. Bush and Vice President Dick Cheney.

    You're kind of naive, and you're young. I can remember using this joke in the late 1970's:
    Do you know how to apply for a job at the NSA?
    Call your grandmother and ask for an application.

    I used to think that was a pretty good joke, considering that my grandmother's phone, at the time, was a party-line.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Jun 2017 @ 7:06am

    > So by trying to limit us to no abouts, then we end up cutting out those kind of communications as well

    By George, I think he's got it!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Jun 2017 @ 7:25am

    Not sure how I feel about this article. Very thin. In 2002, Thomas Drake brought to senior leadership of the NSA that they were violating the Constitution by picking up citizens communications.

    So they new about it at least in 2002, not later in 2008.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Jun 2017 @ 11:14am

    The court then asks why it's not possible to limit the collection to to's and froms. The government's response is that collecting it all just works better for the NSA, even though it apparently possesses the technical ability to keep these collections separate.

    Of course it "works better for the NSA"...it means less work involved. But since when did their laziness start trumping the Constitution?

    The NSA has the most super computers in the world, yet can't figure out how to effectively implement a filter? If that's truly the case, then they could start by lightening their dataset to filter from by not trying to collect every bit of information on the planet.

    link to this | view in chronology ]

  • icon
    David (profile), 16 Jun 2017 @ 3:02pm

    They could ask Google

    Google searches the entire blasted web. And often. And in extensive detail.

    Surely someone in that vast storage house of business/personal data can run 'grep'. Well, able to do so and convey such knowledge to those with their head in the sand.

    NSA: No Sand Anywhere.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.