Hey NSA: Even If AT&T Was Collecting The Info For You, The Fourth Amendment Still Applies

from the can't-outsource-constitutional-responsibility dept

We've already written a few articles about the confirmation that AT&T is going above and beyond what's required by the law to be a "valued partner" of the NSA in helping with its surveillance campaign. While it's long been known that AT&T was giving fairly direct access to its backbone (thank you Mark Klein!), the latest released documents provide much more detail -- including that AT&T often does the initial "sifting" before forwarding content it finds to the NSA. To some NSA apologists, this is proof that the NSA isn't so bad, because it doesn't have full unencumbered access to everything, but rather is relying on AT&T to do the searching and then handing over what it finds. Of course, as the documents showed, it's only in some cases that AT&T searches first, in others it appears that the NSA does, in fact, have full access.

But, still, as Cindy Cohn at the EFF is noting, if the NSA thinks that having AT&T sift first and then voluntarily hand stuff over somehow absolves it of violating the 4th Amendment with these collections, well, then the NSA is wrong.

First some law: the Fourth Amendment applies whenever a "private party acts as an ‘instrument or agent’ of the government." This rule is clear. In the Ninth Circuit, where our Jewel v. NSA case against mass spying is pending, it has been held to apply when an employee opens someone's package being shipped in order to obtain a DEA reward (US v. Walther), when a hotel employee conducts a search while the police watch (US v. Reed), and when an airline conducts a search under a program designed by the FAA (United States v. Davis), among others.

The concept behind this rule is straightforward: the government cannot simply outsource its seizures and searches to a private party and thereby avoid protecting our constitutional rights.  It seems that the NSA may have been trying to do just that. But it won't work.

Given that the EFF is already challenging this collection in the Jewel v. NSA case, it seems like the latest leak may be somewhat helpful.

Filed Under: 4th amendment, 702, backbone, mark klein, mass surveillance, nsa, surveillance, tapping, upstream
Companies: at&t

Leaked Damage Assessment Shows Government Mostly Interested In Investigating Leakers, Withholding Information From Public

from the oh,-and-terrorists,-I-suppose dept

The Intercept has just released an interesting document from its Snowden stash: an unredacted damage assessment of the New York Times' 2005 exposure of the NSA's warrantless wiretapping program -- a program that saw the agency monitoring the emails and phone calls of US citizens.

It's not that the government hasn't made damage assessments public before. It just does it very, very rarely and mostly for self-serving reasons. The most recent publications of damage assessments were in response to the Snowden leaks. The released assessments were heavily-redacted and made plenty of unfounded assertions about the damage done to the national security infrastructure by the leaks.

This 2005 damage assessment was never released. It was purely an internal document. Thanks to it being part of Snowden's package of leaked documents, it can be read without the sort of excessive redaction the government deploys when discussing even the most inane (or obvious) aspects of national security.

Such was the internal distress at the possible exposure of this surveillance program that the government managed to delay its publication for a year. Despite its successful pushback, the assessment here is no different that the assessment of the Snowden leaks. In other words, mostly speculation backed by very little support.

The memo gives a general explanation of what terrorists might do in reaction to the information revealed. It was “likely” that terrorists would stop using phones in favor of mail or courier, and use encryption and code words. They could also plant false information, knowing the U.S. government was listening. But the leaked program had not “been noted in adversary communications,” according to the memo. It gave no specific examples of investigations or targets that had or might be impacted by the revelations.

Once you get past the obvious suggestion that terrorists will adapt communication methods in light of presumably-unknown information, you get to more detailed discussion of the NYT article itself. The assessment breaks down every statement of fact in the article and provides its corresponding level of classification.

(TS//SI//STLW//NF//OC) "President Bush secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States to search for evidence of terrorist activity."

(TS//SI//STL WIINF//OC) (NSA) "monitored the international telephone calls (communications to the U.S.) and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants over the past three years … to track possible "dirty numbers" linked to Al Qaeda..."

(TS//SI//STLW//NF//OC) "NSA eavesdrops (under this program) without warrants on up to 500 people in the United States at any given time." ... the number monitored ... may have reached ... the thousands"

(S//SI) "Overseas, about 5,000 to 7,000 people suspected of terrorist ties are monitored (by NSA) at one time."

Oddly, the government considers the most obvious possible outcome of the exposure of this program (that terrorists would alter communications in light of this info) to be "classified."

(C) (The article) would alert would-be terrorists (inside the United States) that they might be under scrutiny.

If there was a battle for American hearts and minds to be fought in the wake of this publication, you'd think the agency would want this conclusion made public (preferably with some supporting evidence), rather than bury it with other classified documents.

Nearly a decade down the road, the government has yet to offer any solid proof that the New York Times' article resulted in compromised capabilities or surveillance programs.

“To this day we’ve never seen any evidence — despite all the claims they made to keep us from publishing — that it did any tangible damage to national security. This is further confirmation of that,” [New York Times writer Eric] Lichtblau told The Intercept.

In fact, the only clear response to the publication of this leaked info didn't take the form of altered collection techniques or additional terrorist attacks. It took the form of a full-blown DOJ investigation, involving 25 FBI agents and five prosecutors. This too, resulted in a whole lot of nothing.

The leak and the response to it indicates the government was more worried about US citizens, rather than its foreign adversaries, finding out about what it was up to.

Filed Under: 702, bulk collection, damage assessment, ed snowden, nsa, surveillance, warrantless wiretapping

DOJ Blurred Lines Between Terrorism & Crime To Expand NSA & FBI Warrantless Wiretapping Of 'Hackers'

from the whatever,-it's-all-the-same dept

This week, of course, the US government passed the USA Freedom Act, a modest step towards reform. As we've noted, it doesn't even touch on two of the more concerning surveillance authorities: Executive Order 12333 and Section 702 of the FISA Amendments Act, which includes the infamous "warrantless wiretapping" programs that allow the NSA to tap "upstream" fiber optic cables from AT&T and others to sniff all data traveling across those cables.

Pro Publica and the NY Times have teamed up to report on how the DOJ expanded the warrantless wiretapping regime to go after hackers. There's a lot to unpack in the story (which is well worth reading), but the short version is that, under pressure from the White House, NSA and others, officials appear to have deliberately blurred the lines between "crime" and "international terrorism" in order to get the DOJ to sign off on secret legal orders allowing the NSA and the FBI to use its "upstream" snooping capabilities to monitor certain "cybersecurity signatures" which include basically anything the feds want, to sniff out a hacker. From the revealed documents (which, yes, come from Ed Snowden's cache): If you can't see that, the key line is:

The Certification will also for the first time spell out the authorization for targeting cyber signatures such as IP addresses, strings of computer code, and similar non-email or phone number-based selectors.

In short: the government said, "okay, you can now sniff that upstream firehose for hackers based on whatever "code snippets" or "IP addresses" we give you."

Of course, this raises some questions about the split between domestic law enforcement and international anti-terrorism/foreign intelligence work. Remember, the 702 upstream program is pretty specific in that it's only to be used for non-domestic, non-criminal work. But, according to the White House, those distinctions no longer matter:

“Reliance on legal authorities that make theoretical distinctions between armed attacks, terrorism and criminal activity may prove impractical,” the White House National Security Council wrote in a classified annex to a policy report in May 2009, which was included in the NSA’s internal files.

Yes, apparently, it's "impractical" for the surveillance state to actually follow the law.

The documents also reveal that they really wanted access to that sweet, sweet upstream firehose, because much more limited programs like PRISM (which involve court orders to certain internet companies) didn't provide enough coverage: Then, to take things a step further, the government allowed the FBI direct access to the NSA's upstream collection, even though the FBI doesn't have the same limits against surveillance on Americans that the NSA has. Why? Basically, the argument appears to be "well, the NSA already has that data... so... let's give it to the FBI as well": The documents do contain and interesting slide presentation about how and when certain capabilities can be used, including a slide dedicated to repeating the 4th Amendment, and another with a note saying that the "worst thing" the NSA can do is to use its signals intelligence capabilities "to collect against a [US Person] hacker" because doing so is "basically doing surveillance for [law enforcement] purpose without a warrant." So, at the very least, they understand the law, but it's not at all clear that they follow it: And, in fact, later in that same presentation, it notes that the NSA's Threat Operations Center (NTOC) wants more power to target "foreign hackers outside the US" without having to prove as much: "Because attribution is hard, just having to prove foreigness and an FI purpose is especially useful to NTOC."

According to the Pro Publica / NY Times report, the NSA sought more and more permission here, though it's not clear what has actually been granted:

In May and July 2012, according to an internal timeline, the Justice Department granted its secret approval for the searches of cybersignatures and Internet addresses. The Justice Department tied that authority to a pre-existing approval by the secret surveillance court permitting the government to use the program to monitor foreign governments.

That limit meant the NSA had to have some evidence for believing that the hackers were working for a specific foreign power. That rule, the NSA soon complained, left a “huge collection gap against cyberthreats to the nation” because it is often hard to know exactly who is behind an intrusion, according to an agency newsletter. Different computer intruders can use the same piece of malware, take steps to hide their location or pretend to be someone else.

So the NSA, in 2012, began pressing to go back to the surveillance court and seek permission to use the program explicitly for cybersecurity purposes. That way, it could monitor international communications for any “malicious cyberactivity,” even if it did not yet know who was behind the attack.

The newsletter described the further expansion as one of “highest priorities” of the NSA director, Gen. Keith B. Alexander.

Remember all of this when you see the government asking for new "cybersecurity" laws -- which all too frequently are ways of granting the NSA and/or FBI greater powers to do surveillance via these upstream collections. As The Intercept points out, during the big debates on cybersecurity over the last few years, the NSA has insisted that it doesn't have access to this kind of information, and almost every debate on the power of upstream collection by the NSA and others has been based on claims by the intelligence community that they only use unique identifiers like email addresses -- and not very, very broad identifiers like an IP address or "computer code."

There's a lot more in the full article and in the released documents which you can see below.

Filed Under: 702, cybersecurity, fbi, fisa, hacking, nsa, surveillance, upstream, upstream collection, warrantless wiretapping

Dianne Feinstein Accidentally Confirms That NSA Tapped The Internet Backbone

from the but-of-course dept

It's widely known that the NSA has taps connected to the various telco networks, thanks in large part to AT&T employee Mark Klein who blew the whistle on AT&T's secret NSA room in San Francisco. What was unclear was exactly what kind of access the NSA had. Various groups like the EFF and CDT have both been asking the administration to finally come clean, in the name of transparency, if they're tapping backbone networks to snarf up internet communications like email. So far, the administration has declined to elaborate. Back in August, when the FISA court declassified its ruling about NSA violations, the third footnote, though heavily redacted, did briefly discuss this "upstream" capability: In short, "upstream" capabilities are tapping the backbone itself, via the willing assistance of the telcos (who still have remained mostly silent on all of this) as opposed to "downstream" collection, which requires going to the internet companies directly. The internet companies have been much more resistant to government attempts to get access to their accounts. And thus, it's a big question as to what exactly the NSA can collect via its taps on the internet backbone, and the NSA and its defenders have tried to remain silent on this point, as you can see from the redactions above.

However, as Kevin Bankston notes, during Thursday's Senate Intelligence Committee hearing, Dianne Feinstein more or less admitted that they get emails via "upstream" collection methods. As you can see in the following clip, Feinstein interrupts a discussion to read a prepared "rebuttal" to a point being made, and in doing so clearly says that the NSA can get emails via upstream collections:

Upstream collection... occurs when NSA obtains internet communications, such as e-mails, from certain US companies that operate the Internet background, i.e., the companies that own and operate the domestic telecommunications lines over which internet traffic flows.

She clearly means "backbone" rather than "background." She's discussing this in an attempt to defend the NSA's "accidental" collection of information it shouldn't have had. But that point is not that important. Instead, the important point is that she's now admitted what most people suspected, but which the administration has totally avoided admitting for many, many years since the revelations made by Mark Klein.

So, despite years of trying to deny that the NSA can collect email and other communications directly from the backbone (rather than from the internet companies themselves), Feinstein appears to have finally let the cat out of the bag, perhaps without realizing it.

Filed Under: 702, backbone, dianne feinstein, nsa, nsa surveillance, surveillance, telcos, transparency, upstream collection

Internet Companies Argue A 1st Amendment Right To Correct False Reports On NSA Spying, Despite Gag Orders

from the fighting-the-fight dept

A week and a half ago, we noted that the intelligence community and the big internet companies (Google, Microsoft, Yahoo and Facebook) had failed to come to an agreement that allowed the tech companies to publish the details on how many requests FISA court orders they get and how many of their users this impacts. Given that, the various companies made it clear that this fight would continue in court. Today, they filed very similar briefs, which you can see below, claiming a few key things:

1. The various public reports from The Guardian, The Washington Post (and others, including Gawker) are flat out wrong concerning the nature of these companies' involvement with the NSA.
2. Because of the gag order on FISC orders under Section 702 of the FISA Amendments Act, the tech companies are barred from correcting the record, which is tremendously harmful to them and their business prospects.
3. They have a First Amendment right to give out information on how many such requests they receive, and how many users those requests have impacted.
4. Doing so would have no harmful impact on national security.

That seems to be the basic argument, and it's a strong one. The Google and Yahoo filings, in particular, don't hold back in terms of how ridiculous this whole situation is, in which they're accused of doing something and are barred due to a nebulous gag order from proving that they didn't actually do it. Some of the requests also note that the court's hearings over these challenges should also be held in public. As Google's filing notes:

Google further requests that the Court hold oral argument on this amended motion and that the argument be open to the public.. A public argument would be consistent with this Court's rules, which state that "a hearing in a non-adversarial matter must be ex-parte and conducted within the Court's secure facility," suggesting, by negative implication, that a hearing in an adversarial matter shall be open..... It is also required by the First Amendment, which generally protects a right of public access to judicial proceedings.

I imagine we'll be hearing about this case for quite some time....

Filed Under: 1st amendment, 702, first amendment, fisa amendments act, gag orders, nsa, nsa surveillance
Companies: facebook, google, microsoft, yahoo

James Clapper Says Feds Will Start Releasing Some FISA And NSL Metadata, But Not The Kind That Matters

from the it's-just-metadata... dept

We were just mocking the government's position that it cannot reveal the "metadata" on the numbers of FISA orders (and the number of people impacted) when those same people insist that we shouldn't worry about many NSA surveillance programs since they're "just metadata." And, now, the Director of National Intelligence has said that it will begin releasing some metadata on some key programs that had been secret before:

Specifically, for each of the following categories of national security authorities, the IC will release the total number of orders issued during the prior twelve-month period, and the number of targets affected by these orders:

• FISA orders based on probable cause ( Titles I and III of FISA, and sections 703 and 704).
• Section 702 of FISA
• FISA Business Records (Title V of FISA).
• FISA Pen Register/Trap and Trace ( Title IV of FISA)
• National Security Letters issued pursuant to 12 U.S.C. &sec; 3414(a)(5), 15 U.S.C. &sec;&sec; 1681u(a) and (b), 15 U.S.C. &sec; 1681v, and 18 U.S.C. &sec; 2709.

Our ability to discuss these activities is limited by our need to protect intelligence sources and methods.

For what it's worth this is a step forward -- and something the government should have done ages ago, but perhaps not nearly as big as Clapper would like everyone to believe. Note that they only say they'll reveal the number of "targets" rather than people impacted. Given that each person "targeted" may lead to scooping up records on many, many others, this seems fairly weak. Remember, for a "target" they can scoop up all kinds of records, and then go three hops deep. So, one target could impact thousands or possibly hundreds of thousands (or even millions) of people. This is a baby step forward, but it still seems designed to mislead.

Filed Under: 702, fisa, fisa amendments act, intelligence community, james clapper, metadata, national security letters, nsls

Loophole Shows That, Yes, NSA Has 'Authority' To Spy On Americans -- Directly In Contrast With Public Statements

from the and,-another-one dept

Right, so remember that claim yesterday from Barack Obama about how there is no domestic surveillance program? And remember in our post we noted that such a statement might come back to bite him, seeing that Snowden had leaked somewhere between 15,000 to 20,000 more documents to Glenn Greenwald and somewhere in there, it seemed like there was a decent chance there was evidence that Obama was lying? Right, so, funny story... this morning, James Ball and Spencer Ackerman over at the Guardian have published the details of a neat little loophole that does, in fact, give the NSA "authority" to run searches on Americans without any kind of warrant. This is due to a "rule change" in 2011. The focus here is on Section 702 under the FISA Amendments Act, which is the authority that the PRISM program is under. Ever since the initial leaks, the defenders of the NSA have repeatedly stated that 702 only applies to non-US citizens who are outside the US. But as the "update" above notes, there was a change to the rules in late 2011 which allows for queries on US persons. As Senator Wyden told the Guardian, this "loophole" now directly allows "warrantless searches for the phone calls or emails of law-abiding Americans."

This also seems reminiscent of our point on Wednesday, in which we noted that every time the NSA is asked about its ability to spy on everyone, it answers about its authority. And, here's evidence that it has clearly been given the "authority" to spy on Americans, contrary to the very clear language of the law.

Also, the timing of this seems interesting. Earlier, we'd noted that the NSA's massive data collection program, Stellar Wind, had been shut down in 2011. And... right about that time suddenly a new law is put in place allowing 702 searches to happen on US persons? I'm sure that's just a complete coincidence...

Filed Under: 702, backdoor searches, domestic surveillance, faa, fisa amendments act, loophole, nsa, nsa surveillance, ron wyden, surveillance, us persons

Senators To NSA: Your 'Fact Sheet' Isn't Factual; Can You Tell Us The Truth For Once?

from the look-at-that dept

We recently wrote about the NSA's highly questionable "talking points" about the various NSA surveillance programs that have leaked. Senators Ron Wyden and Mark Udall -- who have long been leading the fight to get people to understand how the NSA was spying on Americans -- have now sent a letter to NSA boss Keith Alexander saying that the "facts" in the NSA's "fact sheets" do not, in fact, appear to be factual, and asking him to correct the errors.

We were disappointed to see that this fact sheet contains an inaccurate statement about how the section 702 authority has been interpreted by the US government. In our judgment this inaccuracy is significant, as it portrays protections for Americans' privacy as being significantly stronger than they actually are. We have identified this inaccurate statement in the classified attachment to this letter.

We urge you to correct this statement as soon as possible. As you have seen, when the NSA makes inaccurate statements about government surveillance and fails to correct the public record, it can decrease public confidence in the NSA's openness and its commitment to protecting Americans' constitutional rights. Rebuilding this confidence will require a willingness to correct misstatements and a willingness to make reforms where appropriate.

Later in the letter, they also point to another "misleading" statement, amusingly using a letter that the Director of National Intelligence (DNI) sent to Wyden and Udall two years ago. This was back when they two were asking the DNI to at least reveal how many Americans had their info collected, and the DNI responded that "...it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed...." Now Wyden and Udall are using that line to show that the latest "fact sheet" must be wrong:

Separately, we note that this same fact sheet states that under section 702, "Any inadvertently acquired communication of or concerning a US person must be promptly destroyed if it is neither relevant to the authorized purpose nor evidence of a crime." We believe that this statement is somewhat misleading, in that it implies that the NSA has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans. In fact, the intelligence community has told us repeatedly that it is "not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under the authority" of the FISA Amendments Act.

So, basically: were you lying to us then, or are you lying to us now?

We'll see what the NSA's response is, but I imagine it will likely involve more lying.

Filed Under: 215, 702, james clapper, keith alexander, mark udall, nsa, nsa surveillance, prism, ron wyden