The NSA's 'Time Machines' Make It Incredibly Easy To Violate Section 702 Restrictions

from the collect-all-the-things! dept

Marcy Wheeler has a fascinating post about NSA collection activities under Section 702 and Executive Order 12333. The rules governing the collections allow the NSA to gather communications when a targeted foreigner leaves the country, but are supposed to cease when this target returns to the United States. It's something that's easier said than done, even when the NSA engages in good faith efforts to abide by these restrictions.

As Wheeler points out, the collection efforts don't always comply with these rules, and the way they're constructed allows the NSA to collect communications and other data it shouldn't have access to. First, this is how they're supposed to work:

The short version is that FISA imposes some restrictions on whether you can collect data at rest to obtain data from outside the period of a FISA order. Thus, if you're not supposed to collect on someone when they're in the US (whether that person is a US person or a foreigner), there are classified restrictions about whether you can collect stored data from that period.

None of these rules are (as far as I'm aware) public, but there are rules for all the various laws. In other words, you're not supposed to be able to collect GMail on a foreigner while they're in the US, but you're also not supposed to be able to cheat and just get the same Gmail as soon as they leave the country.

When a US person is targeted, violations are even more likely. Again, the NSA can collect data and communications created when this person is located overseas, but is not supposed to have access to anything created while the person was in the United States. But it doesn't always do this, thanks in part to how it conducts its FISA searches.

This is even more complex for Americans. Domestically, there are two kinds of collection: 1805, which is the collection of data in motion — an old fashioned wiretap, and 1824, which is called a "physical search" order. The government likes to hide the fact that the collection of data at rest is accomplished with an 1824 physical search order, not 1805. So an 1824 order might be used to search a closet, or it might be used to image someone's hard drive. Most often, 1805 and 1824 get combined, but not always (the FISC released a breakdown for these last year).

So, when this target travels overseas, the person data can be collected. While it's restricted to the time period the person is out of the country -- and further restricted by the period covered by the FISA order -- the NSA's collection programs, which include implants on devices, continue to gather data in motion while the collection is supposedly forbidden. This is stored by the NSA, accessible at any time.

Data at rest is an even bigger problem. This often comes from device imaging or exfiltration via hacking. Data at rest can come from any time period, including months or years before the person became an NSA target. This is the end result of the NSA's multiple collection authorities and its harvesting tactics.

Effectively, once someone leaves the country the NSA has access to time machines to collect data from the past, though there are supposed to be limits on doing this.

[...]

[B]ecause of the differing rules on data in motion and data at rest — and because of the truly awesome methods used as soon as someone goes overseas — there are actually a lot of ways that NSA can get around the legal limitations based on space by playing with the limitations on time.

As Wheeler notes, it's a problem for the NSA, even when it engages in good faith collection efforts. Segregation of data is an ongoing issue, one highlighted by its recent abandonment of its "about" email collection. Most of the legal authorities used are seldom discussed because they remain shrouded in official secrecy, so there's no telling how often violations occur. But the NSA's data-harvesting "time machines" clearly violate guidelines and are yet another reason no one should be in a hurry to grant a clean reauthorization of Section 702 at the end of this year.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 702, nsa, section 702, surveillance, time machine