Latest Declassified NSA Records Show NSA Believes It Can Spy On Everyone's Location Based On Existing Approvals

from the of-course-it-does dept

James Clapper has declassified another batch of documents on the NSA activities. We'll probably write about a few of them, but let's start with one that's getting a lot of initial attention: the document that discusses the "test" of collecting location info from the telcos based on where your mobile phone was. The short version? Do you know where you were on April 26, 2010? Because the NSA probably does. It had already been revealed that the NSA had run "a test" of obtaining location info from the telcos. This document, which is a memo from the NSA to the Senate Intelligence Committee is just explaining some of the details, with this being the key one:

In regards to the mobility testing effort, NSA consulted with DOJ before implementing this testing effort. Based upon our description of the proposed mobility data (cell site location information) testing plans, DOJ advised in February 2010 that obtaining the data for the described testing purposes was permissable based upon the current language of the Court's BR FISA order requiring the production of 'all call detail records.' It is our understanding that DOJ also orally advised the FISC, via its staff, that we had obtained a limited set of test data sampling of cellular mobility data (cell site location information) pursuant to the Court-authorized program and that we were exploring the possibility of acquiring such mobility under the BR FISA program in the near future based upon the authority currently granted by the Court.

The key takeaway here: the NSA believes that the current FISA approval of dragnet collection of metadata on every phone call includes permission to track location data as well, even though it doesn't currently do so. The "BR FISA order" means "business records" which is what Section 215 of the PATRIOT Act is sometimes called. The fact that the NSA didn't seem to think it was necessary to check with the FISA Court before running this test, just to make sure it was actually allowed is rather telling.

Separately, can anyone explain why the redacted portions of this document are redacted? It makes no sense. They redact the number of location records that were obtained. I can't see how that number could possibly need to remain classified once the existence of such a test was declassified. The only reason I can think of to keep that classified is to avoid embarrassment over the large number of people whose location info was scooped up. Similarly, they redact the name of the lawyer who wrote the memo. Again, the only reason I can think to do this is to protect him from embarrassment and public mocking. Such a public mocking might seem unfair, but I don't see how it fits in with a reasonable classification category.

Filed Under: business records, fisa, fisc, location data, nsa, nsa surveillance, patriot act, section 215

Senators Wyden And Udall: US Gov't Still Not Being Honest About NSA Surveillance

from the but-of-course dept

Even while NSA defenders are bitching about Senator Ron Wyden hinting strongly about the NSA and the DOJ abusing various interpretations of the law to spy on Americans with the bulk collection of data, it seems that neither Wyden nor Senator Mark Udall are planning to back down. Specifically, Wyden noted (as explained below) that the feds admitted to serious violations of the law -- but have done so in classified letters, rather than publicly. He's hoping to change that.

Wyden told Politco that "U.S. intelligence agencies’ violations of court orders on surveillance of Americans is worse than the government is letting on." Julian Sanchez, over at Cato, notes that Wyden seems to be all but screaming about how the feds have also collected location data, despite carefully worded denials. As Sanchez notes, Wyden keeps going back to questions concerning location tracking via mobile phones -- and it would seem odd to do that if he didn't know something. After all, the revealed info so far hasn't included location data:

Wyden’s constant references to location tracking in this context would be nothing short of bizarre unless he had reason to believe that the governments assurances on this score are misleading, and that there either is or has been some program involving bulk collection of phone records. Wyden, of course, would know full well whether there is or is not any such program via his role on the Intelligence Committee—and his focus on location tracking over the activities we know NSA is engaged in, such as monitroing of Internet communications and bulk collection of phone records, would be an inexplicable obsession if he knew that no such program existed.

From what Wyden said today, it sounds like the NSA potentially did collect location data, but may not be doing so currently "under these programs."

Both Udall and Wyden took to the Senate floor this evening to argue further that the government is not being fully honest in what it does, and that it's a violation of our privacy. They're now introducing legislation to limit these government surveillance programs (from the Patriot Act Section 215 and the FISA Amendments Act Section 702). Specifically, the proposal is for the government to be able to request that the telcos do a search if they can show a good reason for a search -- rather than collecting all data and searching them later.

Udall pointed out that defenders of these programs are carefully choosing their words and conflating various programs, picking and choosing to mislead the American public. For example, he points out that the claims that the bulk phone records program was instrumental in stopping 54 "terrorism" cases are not accurate, and that, as an Intelligence Committee member, he's yet to see any evidence that the bulk collection of phone records has been necessary to stop any terrorism event. Rather he hints strongly that defenders of the program are using other programs and using misleading statements to pretend the bulk records were necessary. As he points out, the bulk records may have made things more convenient, but that's no excuse for violating the privacy of millions (or hundreds of millions) of innocent Americans.

Wyden's speech goes into similar territory about the complete lack of evidence that the bulk data collection was necessary in any terrorist cases, but then goes further, saying that the "classified" documents that James Clapper sent last week show that the NSA's admitted violations of the Patriot Act show that their actions are significantly worse than has already been disclosed. He urged other Senators to go read the classified documents that Clapper sent, noting that when they read them, they'll realize just how badly the intelligence community has violated the law. He says that he's going to push to have more info about those abuses disclosed and declassified. Later, he points out that the rules of the Intelligence Committee mean he's not allowed to "tap out warnings in Morse code" and that limits his ability to play the watchdog role he's supposed to play on that Committee. He also said that their public statements "significantly exaggerated" the importance of bulk data programs -- and uses the example of the bulk data collection of emails, which was shut down in 2011 after the surveillance community failed to prove to the Intelligence Committee that the program was actually useful. He notes that if the government can't show that the program increases either security or liberty, it seems like it should be ended. Instead, he notes that we can make changes to the intelligence community that let us have security and liberty without compromising either.

Filed Under: bulk collection, government, james clapper, location data, mark udall, nsa, nsa surveillance, patriot act, ron wyden, section 215, surveillance

Surprise: Federal Court Says Warrant Needed For Mobile Phone Location Info

from the didn't-see-that-coming dept

There have been some mixed rulings on whether or not the government needs a warrant and to show probable cause (a la what's left of the 4th Amendment) in order to get mobile phone location info. Courts have ruled in different ways, but the federal courts, for the most part, have been much more agreeable to saying no warrant is needed (state court seem to lean the other way). However, in a bit of a surprise, a federal court went the other way and said a warrant is needed under the 4th Amendment.

The court actually lays out the issue directly, and worries about what it means if the government can just get this info without showing probable cause:

What does this mean for ordinary Americans? That at all times, our physical movements are being monitored and recorded, and once the Government can make a showing of less-than-probable- cause, it may obtain these records of our movements, study the map our lives, and learn the many things we reveal about ourselves through our physical presence.

After going through the relevant (and at times conflicting) laws and case law, the court notes that while general location info may be public, rather than private info, a massive collection of such info seems to go over the line. That's especially true when the government can access multiple records from multiple people:

The cell-site-location records at issue here currently enable the tracking of the vast majority of Americans. Thus, the collection of cell-site-location records effectively enables "mass" or "wholesale" electronic surveillance, and raises greater Fourth Amendment concerns than a single electronically surveilled car trip. This further supports the court's conclusion that cell-phone users maintain a reasonable expectation of privacy in long-term cell-site- location records and that the Government's obtaining these records constitutes a Fourth Amendment search.

The court also dives into the controversy over the third party doctrine, which basically says that once you "give up" information to a third party, you no longer have 4th Amendment protections over it -- and in this case, the government argues that users have given up their location info to mobile operators. The court notes that the third party doctrine does still apply to such info, but that it should not apply to cumulative records, saying that this is an important limitation on the third party doctrine.

This court concludes that cumulative cell-site-location records implicate sufficiently serious protected privacy concerns that an exception to the third-party- disclosure doctrine should apply to them, as it does to content, to prohibit undue governmental intrusion. 7 Consequently, the court concludes that an exception to the third-party-disclosure doctrine applies here because cell-phone users have a reasonable expectation of privacy in cumulative cell-site-location records, despite the fact that those records are collected and stored by a third party.

Finally, and most importantly, the court makes a plain language rejection of the excuses often used by the government to pick away at the 4th Amendment:

The fiction that the vast majority of the American population consents to warrantless government access to the records of a significant share of their movements by "choosing" to carry a cell phone must be rejected. In light of drastic developments in technology, the Fourth Amendment doctrine must evolve to preserve cell-phone user's reasonable expectation of privacy in cumulative cell-site-location records.

It's definitely a compelling and well-reasoned argument from Judge Nicholas Garaufis, and we hope that other courts will follow. However, we fear that he walks such a fine line in distinguishing this ruling from other cases, that it will be way too easy for higher courts to overturn this ruling.

Filed Under: 4th amendment, location data, mobile phone, privacy, third party doctrine, warrants