FISA Court Tries, Once Again, To Justify Allowing Bulk Collection Of Data On All Your Phone Calls

from the let's-try-this-again dept

Last week, the FISA Court (FISC) renewed yet again (as it has every few months for over 7 years) the ability of the government to demand data on every phone call from American telcos. Last month, the FISC (for the first time) published its rationale for allowing the collection -- one that many experts found extremely lacking. Not only did the court incorrectly state that members of Congress were fully aware of the details of the program when they renewed it, but it also made up some of its own rules and ignored some of the Supreme Court's statements on such forms of data collection.

Today, the court has declassified the new justification that was written up for this latest round of rubber-stamping, and it's written by a different judge than before. This time, it's Judge Mary McLaughlin, who notes that this is the first time she's had to review such an application, but for the most part she "agrees with and adopts" the reasoning used back in July by Judge Eagan to justify the collection. However, she also attempts to go into a little more detail, perhaps in response to the public criticism to Eagan's reasoning. Eagan's ruling stated the following:

In light of the importance of the national security programs that were set to expire, the Executive Branch and relevant congressional committees worked together to ensure that each Member of Congress knew or had the opportunity to know how Section 215 was being implemented under this Court's Documentation and personnel were also made available to afford each Member full knowledge of the scope of the implementation of Section 215 and of the underlying legal interpretation.

Unfortunately, as many have pointed out (and the White House has admitted) this is not true. Rep. Mike Rogers did not share the details with members of the House, despite the White House recommending strongly that he do so. While he did set up "briefings" with the NSA, they were clearly designed to keep Representatives in the dark. Among the many tricks that Rogers pulled, was sending announcements of the briefings to what's considered the "spam folder" of representatives, holding them at very inconvenient times (when most Reps. were out of town) and then leaving it up to the Reps. to guess what they should be asking about.

In this latest ruling, McLaughlin doesn't make the claim as directly as Eagan did, but still suggests that every member of Congress "had the opportunity to learn about the scope of the metadata collection and this Court's interpretation of Section 215." Thus, because they reauthorized it (thanks mostly due to fear-mongering by the heads of the Intelligence Committees), it must mean that Congress approved of the interpretation of the law. That seems specious, at best. It's increasingly clear that the heads of the intelligence committees actively sought to mislead others in Congress over these programs. Pretending that they were well informed is simply fiction. The very fact that so many in Congress (including some on the Intelligence Committee) have noted that they were kept in the dark about many important details, Judge McLaughlin is playing games here that don't reflect reality.

She also attempts to deal with the fact that in the Jones GPS case, the Supreme Court indicated that when there's bulk collection of data, it's possible to cross over from not being a 4th Amendment violation, to being one. In other rulings, the suggestion had been that if a single data point wasn't a 4th Amendment violation, then the bulk collection couldn't be either -- even though Justice Alito's opinion in Jones strongly argued otherwise. McLaughlin tries to hand-wave this away:

The Supreme Court's more recent decision in United States v. Jones... does not point to a different result here. Jones involved the acquisition of a different type of information through different means.

More specifically, she argues that because Jones was about monitoring and this case is about collection it's different. That also seems questionable, as Alito himself made the comparison to wiretapping. To argue that they're not analogous seems like it's ignoring what was said. McLaughlin does, legitimately, point out that Justice Sotomayor's opinion suggested that the whole notion of the 3rd party doctrine (saying there's no 4th Amendment protection for information given to a third party) should be revisited, but that the Court declined to do so in Jones.

Hopefully, this is setting up a situation in which the Supreme Court will no longer be able to punt the issue, as it did in Jones, and we can get some renewed respect for the 4th Amendment, especially in cases where bulk data is collected and accessed by government officials.

Filed Under: 3rd party doctrine, bulk collection, fisa, fisa court, fisc, metadata, patriot act, section 215, supreme court

FISA Court Argues To Senate That It's Not A Rubber Stamp

from the sometimes-it-requests-changes dept

The FISA Court is still trying to shed its reputation as a rubber stamp. In a new letter, responding to questions from Senator Grassley, the court explains that, while it's true that it eventually approves basically all requests that the intelligence community brings before the court, that doesn't take into account the changes it requires. It starts out by noting, as it has previously, that the "over 99%" approval rate is only for "final applications" and doesn't fairly consider that it frequently asks for substantial changes. In response to that earlier statement, Senator Grassley had asked how many times does it ask for substantial changes, and the court sent back the following late last week:

During the three month period from July 1, 2013 through September 30, 2013, we have observed that 24.4% of matters submitted ultimately involved substantive changes to the information provided by the government or to the authorities granted as a result of Court inquiry or action. This does not include, for example, mere typographical corrections. Although we have every reason to believe that this three month period is typical in terms of the historic rate of modifications, we will continue to collect these statistics for an additional period of time and we will inform you if those data suggest that the recent three months were anomalous.

Of course, by July 1st, it's pretty clear that the FISC knew that it was going to be under substantial scrutiny concerning these efforts, and the whole "rubber stamp" discussion had already been widespread in the press. While the court insists that this is probably no different than in the past, the real question is what was it in the past... and there, the FISC admits, it has no idea. In responding to the request for historical data, it notes:

FISC [is] just beginning a practice of collecting statistics on the rate at which such modifications occur.

In other words, back before there was any public scrutiny, nobody much bothered to monitor these things and make sure that the FISC wasn't just a rubber stamp -- and there's no real way to go back and check.

Also, there's the whole question of how do you define "substantial." While the FISC at least admits the bar is higher than typographical corrections, it also admits that the rating is somewhat in the eye of the beholder:

It should be noted, however, that these statistics are an attempt to measure the results of what are, typically, informal communications between the branches. Therefore, the determination of exactly when a modification is "substantial," and whether it was caused solely by the FISC's intervention, can be a judgment call.

Filed Under: fisa, fisa court, fisc, nsa, nsa surveillance, rubber stamp

FISA Court Rubber Stamps Continued Collection Of Metadata On Every Single Phone Call

from the because-it-can dept

This won't come as a huge surprise, I would imagine, but the telephony metadata dragnet collection that has to be renewed every few months "expired" today and was promptly reapproved by the FISA court, because "fuck you, that's why." That's not quite what they said, but consider it the bureaucratic-speak equivalent, coming from the Director of National Intelligence:

Previously on several occasions, the Director of National Intelligence declassified certain information about this telephony metadata collection program in order to provide the public with a more thorough and balanced understanding of the program. Consistent with his prior declassification decision and in light of the significant and continuing public interest in the telephony metadata collection program, DNI Clapper has decided to declassify and disclose publicly that the government filed an application with the Foreign Intelligence Surveillance Court seeking renewal of the authority to collect telephony metadata in bulk, and that the court renewed that authority.

The administration is undertaking a declassification review of this most recent court order.

Of course, it's true that last month, the previous order rubber-stamping this approval was declassified and revealed. Even though the same thing has been rubber stamped every few months for at least the past seven years, this time there was an attempt at a full justification for why it made sense. Of course, since it was a one-sided situation, without any adversarial hearing or opinion, it allowed the FISA court to make up its own rules and completely contradict the Supreme Court (to whom it's supposed to listen). It seems highly doubtful that the eventual declassified version of this rubber stamp will be any different than the last one.

Of course, in the last three months, we've also learned that this program of collecting data on every phone call in the US has been necessary to stop precisely zero attacks in the US -- but it did apparently lead them to a taxi driver sending some money to some not very nice people in Somalia. And, because of that, the NSA gets to keep track of everyone's phone calls. As has been explained repeatedly, this seems to go against not just the spirit and intended purpose of the 4th Amendment, but the plain language of that same Amendment. But, the FISA court has earned its rubber stamp reputation for a reason, and apparently it's not about to give up on it.

Filed Under: business records, dragnet, fisa, fisa court, fisc, metadata, nsa, nsa surveillance, section 215
Companies: at&t, verizon

FISA Court Pretends Every Member Of Congress Was Told Details Of Bulk Surveillance, Even Though They Weren't

from the oops dept

So we already wrote about the declassification of the latest FISA Court ruling giving the giant rubber stamp of approval to the bulk records collection, under Section 215 of the Patriot Act, of metadata on every single phone call, but I wanted to highlight one other section in the ruling which the FISC uses to justify its approval of the order. Part of the FISC's explanation is that Congress explicitly approved this type of activity. The FISC notes that Congress reauthorized this program in 2011, even knowing specifically that it was used to justify bulk metadata collection on all phone calls. The FISC points out that while national security programs may have details kept secret from Congress, that wasn't the case here:

Admittedly, in the national security context where legal decisions are classified by the Executive Branch and, therefore, normally not widely available to Members of Congress for scrutiny, one could imagine that such a presumption would be easily overcome. However, despite the highly-classified nature of the program and this Court's orders, that is not the case here.

It goes on to explain that every member of Congress had access to a detailed explanation of the program and then voted to renew it.

Prior to the May 2011 congressional votes on Section 215 re-authorization, the Executive Branch provided the Intelligence Committees of both houses of Congress with letters which contained a "Report on the National Security Agency's Bulk Collection Programs for USA PATRIOT Act Reauthorization" (Report). Ex. 3 (Letter to Hon. Mike Rogers, Chairman, and Hon. C.A. Dutch Ruppersberger, Ranking Minority Member, Permanent Select Committee on Intelligence, U.S. House of Representatives (HPSCI), from Ronald Weich, Asst. Attorney General (Feb. 2, 2011) (HPSCI Letter); and, Letter to Hon. Dianne Feinstein, Chairman, and Hon. Saxby Chambliss, Vice Chairman, Select Committee on Intelligence, U.S. Senate (SSCI), from Ronald Weich, Asst. Attorney General (Feb. 2, 2011) (SSCI Letter)). The Report provided extensive and detailed information to the Committees regarding the nature and scope of this Court's approval of the implementation of Section 215 concerning bulk telephone metadata." The Report noted that "[a]lthough these programs have been briefed to the Intelligence and Judiciary Committees, it is important that other Members of Congress have access to information about th[is]... program[] when considering reauthorization of the expiring PATRIOT Act provisions." Furthermore, the government stated the following in the HPSCI and SSCI Letters: "We believe that making this document available to all Members of Congress is an effective way to inform the legislative debate about reauthorization of Section 215...." .... It is clear from the letters that the Report would be made available to all Members of Congress and that HPSCI, SSCI, and Executive Branch staff would also be made available to answer any questions from Members of Congress....

In light of the importance of the national security programs that were set to expire, the Executive Branch and relevant congressional committees worked together to ensure that each Member of Congress knew or had the opportunity to know how Section 215 was being implemented under this Court's Documentation and personnel were also made available to afford each Member full knowledge of the scope of the implementation of Section 215 and of the underlying legal interpretation.

That sounds good. Too bad it's not true. Well, the first part is true. Ronald Weich did send such a letter to Feinstein and Rogers, telling them to please make the information available to Congress prior to the vote to reauthorize this part of the Patriot Act. But... Mike Rogers did not share those details with members of the House despite being urged to do so. Furthermore, as was noted earlier, the White House was fully aware that Rogers chose not to share this information with those voting to renew Section 215 of the Patriot Act.

So the entire basis of the FISC's ruling here, that Congress must have intended Section 215 to be read this way because all members of Congress had that info available and still voted to approve the program is simply untrue. In a footnote in this section, the FISC hints at the fact that it actually knows Rogers didn't make this report available. Because it highlights how it is aware of both Feinstein and Rogers actually making the report available a year earlier, and then just assumes they did so again prior to the 2011 vote. So either the FISC is making a really bad assumption here, or it knows that Rogers didn't inform his colleagues, and the FISC is hoping no one notices.

Filed Under: bulk data collection, congress, fisa, fisa court, fisc, mike rogers, patriot act, section 215

James Clapper Pretends It Was Just A Good Idea To Suddenly Declassify FISA Documents; Doesn't Mention EFF Lawsuit Or Snowden

from the oh-yeah,-just-a-good-idea-you-had dept

Following a somewhat rancorous fight with the Justice Department, the EFF announced last week that the DOJ had finally caved in and agreed to release hundreds of pages of documents related to the NSA's surveillance activities. The EFF had filed a FOIA lawsuit after the feds refused to reveal the secret interpretation of Section 215 of the Patriot Act that supposedly "authorizes" the NSA to collect metadata on every single phone call. The DOJ had pushed back, before finally giving in -- probably after realizing it was going to lose in court. Just a little while ago, Director of National Intelligence James Clapper released a bunch of these now declassified reports to the public. We'll have more analysis on them later, but just wanted to point out how petty the Office of the Director of National Intelligence (ODNI) is. Rather than admit that the declassification and publication had anything whatsoever to do with (a) the EFF's FOIA request and subsequent lawsuit or (b) the Ed Snowden leaks that have increased the scrutiny on these programs or even (c) Senator Ron Wyden letting the world know that ODNI was relying on a "secret interpretation" of Section 215 in a classified ruling from the FISA Court, Clapper basically says he just decided to declassify these documents after President Obama asked him to be a bit more transparent.

In June of this year, President Obama directed me to declassify and make public as much information as possible about certain sensitive intelligence collection programs undertaken under the authority of the Foreign Intelligence Surveillance Act (FISA) while being mindful of the need to protect national security. Consistent with this directive, today I authorized the declassification and public release of a number of documents pertaining to the Government’s collection of bulk telephony metadata under Section 501 of the FISA, as amended by Section 215 of the USA PATRIOT Act. These documents were properly classified, and their declassification is not done lightly. I have determined, however, that the harm to national security in these circumstances is outweighed by the public interest.

Release of these documents reflects the Executive Branch’s continued commitment to making information about this intelligence collection program publicly available when appropriate and consistent with the national security of the United States.

That last sentence there is particularly laughable. It was nothing of the sort. This is damage control, as ODNI and the administration are at least trying to get partially ahead of future Snowden leaks that are clearly on the way, and which have already revealed some aspects of these programs. Even more ridiculous, is that the ODNI clearly is trying to position the documents released as highlighting the "extraordinary measures" the intelligence community has taken to try to "identify and correct mistakes." Leaving aside all of the evidence of problems and abuse, as well as the near total lack of transparency before this.

Furthermore, the ODNI tries to downplay the "compliance incidents" revealed in these documents... by admitting that the program was such a mess that many at the NSA had no idea how it worked, which is why they lied to the FISA Court about it all:

The compliance incidents discussed in these documents stemmed in large part from the complexity of the technology employed in connection with the bulk telephony metadata collection program, interaction of that technology with other NSA systems, and a lack of a shared understanding among various NSA components about how certain aspects of the complex architecture supporting the program functioned. These gaps in understanding led, in turn, to unintentional misrepresentations in the way the collection was described to the FISC.

So, basically, for years the system was such a mess that even those in charge of defending it didn't understand it or what it could do, and that resulted in abuses. That's really comforting.

Filed Under: declassified, ed snowden, fisa, fisc, james clapper, odni, patriot act, section 215
Companies: eff

The NSA Didn't Actually Address All Of The FISA Court's Concerns, Contrary To What It Claims

from the that's-just-not-true dept

Many of you quite enjoyed former Ron Wyden deputy chief of staff, Jennifer Hoelzer's post a few weeks ago, and we're bringing you another post by her, this one crossposted from her own blog where she's going to be covering these kinds of issues. We encourage you to head over there now and to visit it often.

The Director of National Intelligence, James Clapper, would very much like you to view the previously classified documents his office released last month as proof that the National Security Agency’s secret surveillance activities have not only been subjected to vigorous oversight, they have taken it seriously. 

I mean, the Office of the Director of National Intelligence (ODNI) didn’t just declassify the long sought Foreign Intelligence Surveillance Court (FISC) opinion that indicated the NSA’s foreign intelligence collection activities haven’t been as problem free as the administration’s suggested.

No, the ODNI – not exactly known for its fondness for declassification - also declassified the government’s response to the FISC opinion, and the FISC opinion on the government’s response to the original FISC opinion, and the minimization procedures the NSA uses “in connection with acquisitions of foreign intelligence information pursuant to Section 702” and the “Semi-Annual Assessment of Compliance with the Procedures and Guidelines issued pursuant to Section 702” plus all of the previously classified testimony the Administration gave to Congress discussing 702, including a memo that the administration had previously made available to members of Congress in which they described FISC’s having raised concerns about the Administration’s collection activities as an example of “how well the existing oversight regime works.”   (An ironic choice of words given that they were being used to describe a legal opinion in which a federal judge used a footnote to smack the Administration for substantially misrepresenting the “scope of a major collection program”)

And, if all of that information wasn’t enough to convince you that FISC’s concerns about the Administration’s compliance with Section 702 of the FAA were nothing when compared to the extraordinary efforts the government employs to ensure that these programs are conducted with respect to the rule of law, the Director of National Intelligence himself wrote a three page cover letter to accompany the release of these documents. The letter acknowledged that the court had determined that:

For highly technical reasons…the minimization procedures proposed by the government as applied to a discrete subset of NSA’s upstream collection of electronic communications did not satisfy certain statutory requirements in FISA and that the targeting and minimization procedures as applied to the same subset of communications did not satisfy Fourth Amendment requirements. 

But – if you followed that -- fear not!  Because, “In the end,” the DNI wrote:

the Government satisfied the concerns raised by the Court and the Court found that the revised procedures satisfied the law and the Constitution. These documents reflect the Government’s serious commitment to getting it right and the Court’s careful and searching review of matters within its jurisdiction.

For the record, I don’t blame the DNI for being defensive. While his actions have left plenty of room for criticism, James Clapper is not a bad guy.  He’s not slaughtering puppies or making millions gambling with people’s home mortgages.  In fact, in any other context, I’m pretty sure we’d be calling him a hero.  Not only is he a decorated veteran, who spent thirty-two years in uniform, including two combat tours in Southeast Asia, at 73-years-old, he continues to work seven days a week for a government salary in an effort to keep Americans safe. 

That’s not to say I agree with his approach to keeping Americans safe.  I don’t.  But I don’t doubt that his heart is in the right place and I can only imagine how much it must suck to have the public he’s dedicated his life to protect turn on him with such anger.

Problem is, though, he’s wrong.

The plethora of documents General Clapper declassified are not proof that Intelligence Community oversight is working, because despite what General Clapper says, the government did not satisfy all of the concerns that the Court raised about the Administration’s Section 702 collections activities. 

For those following along at home, Section 702 of the FISA Amendments Act gives the Administration the authority to collect an American citizen’s communications (without a warrant) if – and only if – their communications are collected incidental to the Intelligence Community’s efforts to collect the communications of a foreigner. 

In other words, if the NSA wants to collect a foreigner’s emails, it can basically download everything in that foreigner’s gmail account directly into the U.S. government database without worrying that some of the emails in that account might be from an American citizen.  Obviously, if the government was targeting that American citizen directly, it would need a warrant to collect and read those emails, but thanks to Section 702 of the FAA, if the government unintentionally collects an American citizen's calls or emails, it can review them without a warrant.

In October 2011, the Foreign Intelligence Surveillance Court found that the NSA had been violating both FAA and the Fourth Amendment by scooping up tens of thousands of “wholly domestic” communications that had nothing to do with a targeted foreigner.  This was attributed to the technical challenges of collecting multiple communications at once and the administration found a way to resolve the problem and address the Court’s concerns.

But, if you turn to page 33 and 34 of the FISA Court’s October 3, 2011 opinion. You’ll see that that wasn’t the Court’s only concern about the NSA’s Section 702 collection activities:

…in addition to these MCT’s, NSA likely acquires tens of thousands more wholly domestic communications every year, given that NSA’s upstream collection devices will acquire a wholly domestic ‘about’ SCT if it is routed internationally. 

(For the record, the FISA Court underlined “more,” not me.)

What this means is the NSA isn’t just collecting emails sent to and from a targeted foreigner’s email address, they are collecting emails that include the targeted foreigner’s email address in the body of the message.  So, if a friend asks you to forward them an email address, if that email address belongs to a targeted foreigner, your email could end up in the government database even if both you and your friend are American citizens located in the United States.

If you flip to page 48 of FISC’s opinion, you’ll see that the Court has definite concerns about this:

Given that NSA’s upstream collection devices lack the capacity to detect wholly domestic communications at the time an Internet transaction is acquired, the Court is inexorably led to the conclusion that the targeting procedures are “reasonably designed” to prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States. This is true despite the fact that the NSA knows with certainty that upstream collection, viewed as a whole, results in the acquisition of wholly domestic communications.

By expanding its Section 702 acquisitions to include the acquisition of Internet transactions through its upstream collection, NSA, has, as a practical matter, circumvented the spirit of Section 1881 a(b)(4) and (d)(1) with regard to that collection.  NSA’s knowing acquisition of tens of thousands of wholly domestic communications through its upstream collection is a cause for concern for the court.

[Note: If you aren’t familiar with the word “inexorably” its legal speak for “not to be persuaded.”  As in the court isn’t persuaded that the NSA’s targeting procedures have been “reasonably designed” to prevent the intentional collection of wholly domestic communications.]

So, the court raised concerns that the NSA is actively collecting emails that mention targeted foreigners even though the NSA knows they’ll likely collect tens of thousands of wholly domestic communications each year.  This, the court says, violates the spirit of Section 702 of the FAA, which explicitly prohibits the government from “knowingly” collecting wholly domestic communications.

The IC did not address this concern. And, if you refer to page 4 of the memo that the ODNI sent the Intelligence Committees on May 4, 2012 to argue for FAA’s reauthorization, you will see that this collection is ongoing. 

“[Upstream collection] lets the NSA collect electronic communications that contain the targeted e-mail address in the body of a communications between third parties.”

[I think it’s worth noting that in mentioning this capability to Congress, the Administration failed to mention that the Foreign Intelligence Surveillance Court had raised concerns that this practice violates the spirit of the FAA.]

Why does this matter?  I mean if one American is forwarding a terrorist’s address to another American, that email is clearly “relevant” to a terrorism investigation and should be collected, right?

Not exactly.  Just because an email contains the address of a “targeted foreigner” does not mean it has anything to do with terrorism, because Section 702 does not limit surveillance to terrorism suspects. 

Rather, Section 702 applies to all foreign intelligence gathering for any foreign intelligence purpose.  Which means that the government can use its Section 702 authority to target basically any foreigner that it thinks might have information the U.S. government might find useful.  This can include: foreign officials, business people, journalists, human rights advocates, etc. etc. 

So, while it may be reasonable to assume that two Americans sharing a terrorist’s email address are probably up to no good, I can think of a whole lot of very innocent reasons that one American might share the email address of a targeted foreigner with another. Heck, just last month, I shared a foreign reporter’s email address with a friend who was looking for a hotel recommendation for his dad.  Did that email end up in a government database?

Again, why should you care?  That information is only being used for terrorist investigations, right? 

No.  As recently disclosed documents reveal, the Administration believes that as long as communications are “lawfully” collected, the government doesn’t need a warrant to use them for other purposes.  In other words, while the government would need to get a warrant to read your emails, the government does not need a warrant to read emails that it may have “accidentally” collected on you.  (The fact that it didn’t need a warrant to collect those emails in the first place is considered irrelevant.)

My former boss, attempted to close this loophole in early 2012, when, during a closed Intelligence Committee mark-up, he introduced an amendment to the FISA Amendments Act that would have required the government to get a warrant before being allowed to search the government database for the name of an American citizen. 

I don’t think that’s unreasonable.  If the government has a legitimate cause to target an American it can get a warrant to search the database.  Meanwhile, warrant requirements could prevent LOVEINT-esque incidents in which NSA personnel might be tempted to search the database for names that they have no legitimate, foreign intelligence reason to target. 

But, despite the President’s oft-repeated claims that the government can not read an American’s emails and/or listen to the content of their conversations without a warrant, the administration quietly opposed Wyden’s attempt to require government agents to get warrants to do just that. 

To their credit, after quashing Congress’s attempt to limit the executive branch’s authority, the executive branch appears to have issued an alert that analysts should not query the database for the name of a U.S. person “until an effective oversight process has been developed by NSA and agreed to by DOJ/ODNI.”  That is, of course, better than nothing, but am I the only one who thinks it’s a problem that the only entity conducting oversight over the Intelligence Community is the Intelligence Community?

Again, as you can see from the ODNI’s rollout of FISC’s Section 702 opinions, Director Clapper would very much like you to believe that the Intelligence Community is “commit[ed] to detecting, correcting, and reporting mistakes, and to continually improving its oversight and compliance processes.”  But is the IC as committed to detecting, correcting and reporting mistakes that others identify?

We’ve been told that the Intelligence Community has implemented safeguards that it believes to be effective.  It is declassifying the documents that it believes are in the public’s best interests to see, and when they tell you they “satisfied the concerns raised by the court,” they mean they satisfied the court’s concerns that they decided were worth satisfying.  (Which, again, is not the same as saying the Intelligence Community satisfied all of the Court’s concerns.) 

And let’s not forget, the Intelligence Community is engaged in these surveillance activities because they believe they are necessary to national security.

But is any of that the same as saying these programs are being subjected to effective oversight?

Doesn’t oversight imply that your work is being reviewed by someone who has an incentive to raise concerns and/or might catch something you may have missed?  Doesn’t the fact that the NSA apparently didn’t think to implement safeguards to its database query process until AFTER Senator Wyden raised concerns about it suggest that maybe the NSA isn’t catching all of its mistakes and outside oversight can be a good thing? 

Because, I’m sorry, I have a hard time believing that the administration is committed to oversight, when the only oversight it appears to be committed to is oversight conducted by folks that agree with what they are doing.  Also – and maybe this isn’t fair – I have a hard time trusting the Intelligence Community to identify and correct possible problems related to its secret surveillance programs, when no one in the IC apparently noticed that there might be a problem with the name of its new Tumblr account: http://icontherecord.tumblr.com/.  But maybe that’s just me.

Filed Under: fisa, fisa court, fisc, james clapper, keith alexander, nsa, nsa surveillance

DOJ Still Refuses To Let Tech Companies Reveal How Much Info They Get Via FISA Orders

from the of-course dept

So, last night Director of National Intelligence James Clapper said that the administration will start releasing some data on how many FISA records it seeks, and how many "targets" there are. In a first draft of that post, I had originally speculated that this hopefully meant the various tech companies could finally add FISA request numbers to their transparency reports, as they'd requested. However, after reading Clapper's statement carefully, it seemed fairly obvious that what they were releasing was a lot more limited than what the tech companies have been asking for -- including the number of people impacted. Given that, I removed the paragraph about how it might impact tech companies, because it seemed likely that the feds weren't actually going to allow the tech companies to reveal some basic metadata about the FISA requests they receive. Indeed, today was the (many times extended) deadline for the DOJ to respond to the legal filings by various tech companies to publish those numbers, and it appears that the DOJ has officially turned down the request.

Microsoft wasted little time this morning before speaking out on its blog and stating that this was unacceptable, and that it would continue the legal fight.

On six occasions in recent weeks we agreed with the Department of Justice to extend the Government’s deadline to reply to these lawsuits. We hoped that these discussions would lead to an agreement acceptable to all. While we appreciate the good faith and earnest efforts by the capable Government lawyers with whom we negotiated, we are disappointed that these negotiations ended in failure.

Yesterday, the Government announced that it would begin publishing the total number of national security requests for customer data for the past 12 months and do so going forward once a year. The Government’s decision represents a good start. But the public deserves and the Constitution guarantees more than this first step.

For example, we believe it is vital to publish information that clearly shows the number of national security demands for user content, such as the text of an email. These figures should be published in a form that is distinct from the number of demands that capture only metadata such as the subscriber information associated with a particular email address. We believe it’s possible to publish these figures in a manner that avoids putting security at risk. And unless this type of information is made public, any discussion of government practices and service provider obligations will remain incomplete.

Given this, Microsoft (and, it appears, Google) are planning to continue to fight this in the courts, arguing that they have a First Amendment right to publish this information. This lawsuit is going to be very, very important:

With the failure of our recent negotiations, we will move forward with litigation in the hope that the courts will uphold our right to speak more freely. And with a growing discussion on Capitol Hill, we hope Congress will continue to press for the right of technology companies to disclose relevant information in an appropriate way.

The United States has long been admired around the world for its leadership in promoting free speech and open discussion. We benefit from living in a country with a Constitution that guarantees the fundamental freedom to engage in free expression unless silence is required by a narrowly tailored, compelling Government interest. We believe there remains a path forward that will share more information with the public while protecting national security. Our hope is that the courts and Congress will ensure that our Constitutional safeguards prevail.

Filed Under: doj, first amendment, fisa, nsa, transparency
Companies: google, microsoft

Court Says Feds Don't Have To Reveal Secret Evidence It Gathered Against 'Terror' Suspect Using FISA

from the due-process-what? dept

Adel Daoud is an American teen who was arrested last year in one of the FBI's many infamous home grown plots, in which FBI agents entice people into claiming they want to take part in a terror plot, plan the whole thing, give the person a fake bomb, and then arrest them. In this case, the "plot" which only involved Daoud and a bunch of FBI agents, was supposedly to bomb a Chicago bar. Daoud had no actual way of doing this until the FBI showed up and "helped." And then arrested him and celebrated, while admitting the public was "never at risk." Well, duh.

However, the case has been taking some interesting turns. Late last year, when the Senate was "debating" the renewal of the FISA Amendments Act (a key part of the NSA's surveillance program), Senator (and Senate Intelligence Commission boss) Dianne Feinstein pointed to the Daoud case as evidence for why the FAA needed to be renewed, claiming directly that the FISA Amendments Act was used to stop "a plot to bomb a downtown Chicago bar."

Given that, Daoud's lawyers sought access to the evidence that was obtained via the FISA Amendments Act. This is basic due process. Someone who is accused of a crime is supposed to have access to all of the evidence that was used against him. That was back in May, before the Snowden leaks, and before the revelations that the NSA and other agencies have used questionable surveillance methods to tip off other agencies of people to target, and then had them "launder" the evidence by trying to recreate evidence obtained in a more legal fashion to use against them -- also known as "parallel construction."

Back on August 9th, Daoud's lawyers made a much more thorough request for the evidence obtained via the FAA. As they note, there may be significant problems with the FISA information, including, but not limited to the FISA application for electronic surveillance may fail to establish probable cause that Dauoud was "an agent of a foreign power." As they note, he was an American citizen and high school student in suburban Chicago. They also suggest the FISA application may have contained material falsehoods or omissions and might violate the 4th Amendment. The surveillance also may have violated the FISA law. There are many other reasons they bring up as well.

The Justice Department (of course) argued that it shouldn't have to hand over any of this info, in part because it's classified and in part because they're not going to use that evidence against Daoud.

Unfortunately, the court wasted little time in agreeing with the feds that they don't need to turn over the evidence collected under FISA.

This is troublesome on a variety of levels. First of all, it seems like a clear due process violation, in which you're supposed to be able to see the evidence used against you. Second, it's a victory for "parallel construction," effectively giving the feds a green light to launder illegally obtained evidence, using it to "construct" legitimately obtained evidence. But, more directly, this issue was raised a few months ago, because the US Solicitor General had told the Supreme Court that any defendant who had FISA-collected evidence used in their arrest would have standing to challenge FISA because the government would have to disclose it. And, after it came out that the government wasn't disclosing it, the DOJ promised that, going forward it would provide such information.

Except that it's not doing so here. This is tremendously sketchy. As others are noting, if the evidence was legally obtained and really showed potential threats, why would they hide it?

The government’s successful attempt to keep the surveillance secret in the Daoud trial suggests that it either lacks confidence in the constitutionality of the spying or the Justice Department is still struggling to embrace the greater transparency on surveillance recently promised by the Obama administration—or both.

And, on top of that, the court has now sanctified this whole practice of abusing surveillance to spy on people, and then laundering the evidence so no one can challenge it. This is terrible, and hopefully an appeal on this particular issue is forthcoming.

Filed Under: adel daoud, doj, evidence, fbi, fisa, nsa, nsa surveillance, terrorism

James Clapper Says Feds Will Start Releasing Some FISA And NSL Metadata, But Not The Kind That Matters

from the it's-just-metadata... dept

We were just mocking the government's position that it cannot reveal the "metadata" on the numbers of FISA orders (and the number of people impacted) when those same people insist that we shouldn't worry about many NSA surveillance programs since they're "just metadata." And, now, the Director of National Intelligence has said that it will begin releasing some metadata on some key programs that had been secret before:

Specifically, for each of the following categories of national security authorities, the IC will release the total number of orders issued during the prior twelve-month period, and the number of targets affected by these orders:

• FISA orders based on probable cause ( Titles I and III of FISA, and sections 703 and 704).
• Section 702 of FISA
• FISA Business Records (Title V of FISA).
• FISA Pen Register/Trap and Trace ( Title IV of FISA)
• National Security Letters issued pursuant to 12 U.S.C. &sec; 3414(a)(5), 15 U.S.C. &sec;&sec; 1681u(a) and (b), 15 U.S.C. &sec; 1681v, and 18 U.S.C. &sec; 2709.

Our ability to discuss these activities is limited by our need to protect intelligence sources and methods.

For what it's worth this is a step forward -- and something the government should have done ages ago, but perhaps not nearly as big as Clapper would like everyone to believe. Note that they only say they'll reveal the number of "targets" rather than people impacted. Given that each person "targeted" may lead to scooping up records on many, many others, this seems fairly weak. Remember, for a "target" they can scoop up all kinds of records, and then go three hops deep. So, one target could impact thousands or possibly hundreds of thousands (or even millions) of people. This is a baby step forward, but it still seems designed to mislead.

Filed Under: 702, fisa, fisa amendments act, intelligence community, james clapper, metadata, national security letters, nsls

Declassified FISA Court Opinion Shows NSA Lied Repeatedly To The Court As Well

from the that's-officially-everybody dept

The EFF finally gets to step away from one of its many legal battles with the government with its hands held aloft in victory and clutching a long-hidden FISA court opinion.

For over a year, EFF has been fighting the government in federal court to force the public release of an 86-page opinion of the secret Foreign Intelligence Surveillance Court (FISC). Issued in October 2011, the secret court's opinion found that surveillance conducted by the NSA under the FISA Amendments Act was unconstitutional and violated "the spirit of" federal law.

Beyond the many instances of NSA malfeasance, the most damning aspect of the opinion is its lack of effect on future behavior. What does make it past the redaction details repeated wrongdoing that even the FISA Court, long perceived to be the NSA's rubber stamp, found egregious.

A footnote on page 16 points out that the agency had "substantially misrepresented" the extent of its "major collection program" (including the harvesting of "internet transactions") for the third time in less than three years. The same set of footnotes attacks the so-called "big business records" collection, accusing the agency of using a "flawed depiction" of how it used the data to basically fleece the FISA court since the program's inception in 2006.

Then there's this pair of concluding sentences, which severely undercut anyone's arguments that the FISA Court is a reliable form of oversight.

Contrary to the government's repeated assurances, NSA has been repeatedly running queries of the metadata using querying terms that did not meet the standard for querying. The Court concluded that this requirement had been "so frequently and systemically violated that it can fairly be said that this critical element of the overall… regime has never functioned effectively."

Other pages detail more concerns, including misrepresentation of the methods used in 702 collections, which the opinion claims "fundamentally alters the Court's understanding of the scope of the collection."

As the Washington Post points out, this opinion, which details many instances in which the NSA flat out lied to the court, lends some credence to statements made by presiding judge Reggie Walton, who claimed the court was limited to making decisions based on information the NSA provided. This opinion appears to detail the NSA setting up its own complicit court system, intentionally misleading it in order to continue its surveillance programs unabated.

The only problem with accepting Walton's narrative completely is the fact that, despite this opinion, the court granted every request that year (2011) and then proceeded to do the same the following year. The court was lied to but still kept giving the agency the thumbs-up on each new court order.

The leaks keep coming and keep pointing to the same conclusion: the NSA has acted as a law unto itself. And all the while it continues to point at its "overseers," which include Congress (which has been lied to directly by the agency when not having information withheld from it by the leaders of the House Intelligence Committee) and the FISA Court (which has been lied to directly and is hampered by its reliance on the NSA's data and narratives -- which pretty much just means more lying).

And despite all this evidence that the NSA's "oversight" is nearly completely compromised, the defenders, including those within the agency, continue to insist the system is working the way it should. In their eyes, maybe it is.

Filed Under: fisa, fisc, nsa, privacy, surveillance