The latest reporting on previously unrevealed Snowden documents comes from the Washington Post, by Ellen Nakashima and Barton Gellman, reviewing how the FISA Court granted the NSA incredibly broad powers to spy on just about any country, and also allows them to collect a pretty broad array of information with little oversight. Basically, the FISC gave blanket approval to the NSA to spy on any country not a member of the "Five Eyes" coalition, with whom the US has non-spying agreements: the UK, Canada, Australia and New Zealand. Perhaps more troubling isn't just the big list of just about every country, but how the FISC allows spying on a broad range of communications:
An affidavit in support of the 2010 foreign government certification stated that the NSA believes foreigners who will be targeted for collection “possess, are expected to receive and/or are likely to communicate foreign intelligence information concerning these foreign powers.”
That language could allow for surveillance of academics, journalists and human-rights researchers. A Swiss academic who has information on the German government’s position in the run-up to an international trade negotiation, for instance, could be targeted if the government has determined there is a foreign intelligence need for that information. If a U.S. college professor e-mails the Swiss professor’s e-mail address or phone number to a colleague, the American’s e-mail could be collected as well, under the program’s court-approved rules.
As we've noted (and as this report reminds us), one of the more recent revelations is that this set of broad powers, which come under Section 702 of the FISA Amendments Act, includes the ability to collect information any time anyone communicates about a target, not just to or from a target. And "a target" can be more than just a person -- it can be an organization or a computer or a network. That means the FISA Court more or less gave the NSA broad powers to spy on just about anyone if they did anything even remotely related to a broad set of "targets." It's hard to see how this is narrowly tailored surveillance, as NSA defenders keep wishing to imply.
The other shoe just dropped when it comes to how the federal government illegally spies on Americans. Last summer, the details of the NSA's "backdoor searches" were revealed. This involved big collections of content and metadata (so, no, not "just metadata" as meaningless as that phrase is) that were collected under Section 702 of the FISA Amendments Act (FAA). This is part of the program that the infamous PRISM effort operates under, and which allows the NSA to collect all sorts of content, including communications to, from or about a "target" -- where a "target" can be incredibly loosely defined (i.e., it can include groups or machines or just about anything). The "backdoor searches" were a special loophole added in 2011 allowing the NSA to make use of "US person names and identifiers as query terms." In the past, it had been limited (as per the NSA's mandate) to only non-US persons.
This morning, James Clapper finally responded to a request from Senator Ron Wyden concerning the number of such backdoor searches using US identifiers that were done by various government agencies. And, surprisingly, it's redaction free. The big reveal is... that it's not just the NSA doing these searches, but the CIA and FBI as well. This is especially concerning with regards to the FBI. This means that the FBI, who does surveillance on Americans, is spying on Americans communications that were collected by the NSA and that they're doing so without anything resembling a warrant. Oh, and let's make this even worse: the FBI isn't even tracking how often it does this. It's just doing it willy nilly:
The FBI does not track how many queries it conducts using U.S. person
identifiers. The FBI is responsible for identifying and countering threats to the homeland, such
as terrorism pilots and espionage, inside the U.S. Unlike other IC agencies, because of its
domestic mission, the FBI routinely deals with information about US persons and is expected to
look for domestic connections to threats emanating from abroad, including threats involving
Section 702 non-US. person targets. To fulfill its mission and avoid missing connections within
the information lawfully in its possession, the FBI does not distinguish between U.S. and non-
U.S. persons for purposes of querying Section 702 collection. It should be noted that the FBI
does not receive all of Section 702 collection; rather, the FBI only requests and receives a
small percentage of total Section 702 collection and only for those selectors in which the
FBI has an investigative interest.
Moreover, because the FBI stores Section 702 collection in the same database as
its "traditional" FISA collection, a query of "traditional" FISA collection will also query Section
702 collection. In addition, the FBI routinely conducts queries across its databases in an effort to
locate relevant information that is already in its possession when it opens new national security
investigations and assessments. Therefore, the FBI believes the number of queries is substantial.
However, only FBI personnel trained in the Section 702 minimization procedures are able to
View any Section 702 collection that is responsive to any query.
Got that? Basically, the FBI often asks the NSA for a big chunk of data that the NSA probably shouldn't have in the first place -- including tons of Americans' communications, and the FBI gets to dump it into the same database that it is free to query. And the FBI tracks none of this, other than to say that it believes that there are a "substantial" number of such queries. This would seem to be a pretty blatant attempt to end run around the 4th Amendment, giving the FBI broad access to searching through the communications of Americans with what appears to be almost no oversight.
Yikes!
Oh, and it's not just the NSA, but the CIA as well. Remember, the CIA is not supposed to be doing any surveillance on US persons (like the NSA), but that's not what's happening at all. At least the CIA tracks some (but not all) of its abuse of backdoor searches:
In calendar year 2013, CIA conducted fewer than 1900 queries of Section 702-acquired communications using specific U.S. person identifiers as query terms or other more general query terms if they are intended to return information about a particular U.S. person. Of
that total number approximately 40% were conducted as a result of requests for
counterterrorism-related information from other U.S. intelligence agencies. Approximately 27%
of the total number are duplicative or recurring queries conducted at different times using the
same identifiers but that CIA nonetheless counts as separate queries. CIA also uses U.S. person
identifiers to conduct metadata-only queries against metadata derived from the FISA Section 702
collection. However, the CIA does not track the number of metadata-only queries using U.S.
person identifiers.
So, the CIA is doing these kinds of warrantless fishing expeditions into the communications of Americans as well, but at least the CIA tracks how often it's doing so. Of course, when it comes to metadata searches, the CIA doesn't bother. It's also a bit bizarre that the CIA is apparently carrying out a bunch of those searches for "other U.S. intelligence agencies," when the CIA should be especially limited in its ability to do these searches in the first place.
Senator Wyden has responded to these revelations by pointing out how "flawed" the oversight system is that these have been allowed:
When the FBI says it conducts a substantial number of searches and it has no idea of what the number is, it shows how flawed this system is and the consequences of inadequate oversight. This huge gap in oversight is a problem now, and will only grow as global communications systems become more interconnected. The findings transmitted to me raise questions about whether the FBI is exercising any internal controls over the use of backdoor searches including who and how many government employees can access the personal data of individual Americans. I intend to follow this up until it is fixed.
Hopefully, now you are starting to recognize what a big deal it was last week when the House of Representatives recently voted to defund the ability to do these kinds of backdoor searches. Still, much more needs to be done.
Oh, and in case you're wondering why Clapper finally 'fessed up to the FBI and CIA making use of these data to warrantlessly spy on Americans, it's worth noting that the Privacy and Civil Liberties Oversight Board (PCLOB) is expected to come out with its report on the Section 702 surveillance program on July 2nd (7/02, get it?). It seems likely that the report will discuss these backdoor searches on Americans and how other agencies besides the NSA has been involved in the practice.
In the begrudging spirit of forced openness, the Office of the Director of National Intelligence (James "Least Untruthful" Clapper, presiding) has released its First Annual Ever Transparency Report. So, what have our intelligence agencies been up to for the last calendar year? Well, a little of this and whole lot of that, all of it broken down into numbers that don't really provide that much transparency.
The figure that first stands out is related to the Section 702 program. As defined in intelspeak, the 702 program:
facilitates the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States, creating a new, more streamlined procedure to collect the communications of foreign terrorists.
[The] collection done under Section 702 captures content of communications. This could include content in emails, instant messages, Facebook messages, web browsing history, and more.
Like other bulk surveillance programs, Section 702 supposedly targets non-US persons but frequently "incidentally" collects content from US persons and other non-targets. This data on Americans is then searchable via backdoor searches. Much of this information is collected directly off the "Internet backbone" as communications flow through NSA collection points. The authority it operates under is incredibly vague and almost completely without adequate oversight. This last sentence explains the following numbers.
In contrast with sections 703, 704 and pen register requests -- where the number of targets roughly corresponds with the number of orders -- the 702 program operates under one order… which nets over 89,000 targets. Note -- and this is important -- that the report only says how many "targets" are "affected." It does not say how many other people's communications are "incidentally" collected along the away and made open to those backdoor searches. And, rest assured, that number is likely much larger than 89,000 -- especially since we already know that any communication "about" any target gets swept up, but that won't count towards that number. And, as discussed below, the definition of "target" can often mean something entirely different than what you think it means. This broad collection, one that harvests content rather than (supposedly harmless) metadata, is one of the NSA's favorite tools and explains its willingness to discuss alterations to the Section 215 bulk metadata program, but not to change the 702 program at all. (Not that anything much actually happened to the 215 program, even after all of the discussion.)
What's more interesting, though, is the long discussion about the incredibly high number of National Security Letters issued in 2013.
The FBI (along with other agencies) is issuing NSLs at the rate of 53 per day. The ODNI's long explanation attempts to portray this huge number as most certainly not evidence of NSL abuse.
In addition to those figures, today we are reporting (1) the total number of NSLs issued for all persons, and (2) the total number of requests for information contained within those NSLs. For example, one NSL seeking subscriber information from one provider may identify three e-mail addresses, all of which are relevant to the same pending investigation and each is considered a “request.”
So, the FBI (and unnamed other agencies) must issue a new NSL (the "must" is up for discussion) for each account it wishes to collect from, whether it's an email address or some other online account. And if multiple names are used for one target, then new NSLs must be issued to claim that information. And so on, until the government is issuing nearly 20,000 per year.
The ODNI attempts to explain how difficult it is to narrow down how many people are being targeted by NSLs.
We are reporting the annual number of requests rather than “targets” for multiple reasons. First, the FBI’s systems are configured to comply with Congressional reporting requirements, which do not require the FBI to track the number of individuals or organizations that are the subject of an NSL.
Even if the FBI systems were configured differently, it would still be difficult to identify the number of specific individuals or organizations that are the subjects of NSLs. One reason for this is that the subscriber information returned to the FBI in response to an NSL may identify, for example, one subscriber for three accounts or it may identify different subscribers for each account…
We also note that the actual number of individuals or organizations that are the subject of an NSL is different than the number of NSL requests. The FBI often issues NSLs under different legal authorities, e.g., 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709, for the same individual or organization.
All well and good, but the DOJ's transparency report (linked to by the ODNI) breaks that number down just fine. (For whatever reason, the ODNI Tumblr post links to a report for 2012. The PDF of the ODNI's report contains a link to the 2013 version. Both are embedded below.)
From the 2013 letter:
In 2013, the FBI made 14,219 NSL requests (excluding requests for subscriber information only) for information concerning United States persons. These sought information pertaining to 5,334 different United States persons.
From the 2012 letter:
In 2012 the FBI made 15,229 NSL requests (excluding requests for subscriber information only) for information concerning United States persons. These sought information pertaining to 6,223 different United States persons.
It appears the FBI has the power to narrow down the number of persons targeted by its NSLs, although something must have happened in 2013 that made it append the following footnote to its FY2013 letter.
In the course of compiling its National Security Letter statistics, the FBI may over-report the number of United States persons about whom it obtained information using National Security Letters. For example, NSLs that are issued concerning the same US. person and that include different spellings of the US. person's name would be counted as separate U.S. persons, and NSLs issued under two different types of NSL authorities concerning the same US. person would be counted as two US. persons. This statement also applies to previously reported annual US. person numbers.
The DOJ's transparency letters again point out that the FISA court is basically approving everything set in front of it. Only one order has been withdrawn in the last two years and only 74 of 3,511 orders presented for "electronic surveillance" and/or "physical searches" were modified. The Section 215 collection requests were sent back for modification more often (roughly 2/3rds of the time) but ultimately, not a single one of those requests were denied.
So, there's more transparency than we're used to, but the 702 program still remains the best kept open secret. One order accesses thousands of "targets," and the ODNI hasn't exactly been forthcoming with additional details. Another explanatory note included does, however, point out inadvertently how useless the word "target" is when deployed by the NSA.
Within the Intelligence Community, the term “target” has multiple meanings. For example, “target” could be an individual person, a group, or an organization composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information that the U.S. government is authorized to acquire by the above-referenced laws.
Section 702's "explanation" takes it even farther:
In addition to the explanation of target above, in the context of Section 702 the term “target” is generally used to refer to the act of intentionally directing intelligence collection at a particular person, a group, or organization.
Except that it doesn’t admit that, at least in the past, sometimes target means “the switch we know lots of al Qaeda calls to use.” Meaning the term “target” is a misnomer even within the context they lay out.
There's still nothing "targeted" about the NSA's supposedly targeted collections. The collection comes first and the targeting comes later -- sometimes using pre-determined selectors and other times by splashing around in the data until something presents itself. What the NSA means by "target" is nothing more than a term deployed to gain access to massive amounts of communications and data, all under the theory that it's somehow "relevant" to its counter-terrorism work.
The new report is a step towards transparency, but it's a very calculated move that throws out a few vague numbers while withholding anything that could put them into context. In this sense, it follows the administration's idea of transparency: nothing that goes deeper than the surface.
We already wrote about how Reps. Goodlatte and Ruppersberger misrepresented the milestone amendment put forth by Reps. Massie, Lofgren and Sensenbrenner to defund the NSA's backdoor searches and mandates to put (different kinds of) backdoors in technology. However, we'd heard that the House leadership was so desperate to block the amendment that they put a totally misleading description on it -- and it's true:
If you can't see that, it says:
Prohibits funds from being used to fully exploit lawfully collected foreign intelligence information collected under Sec. 702 of the Foreign Intelligence Surveillance Act.
This is, of course, nearly identical to the language that Goodlatte himself used on the floor to urge his colleagues to vote against it. And, of course, as it was when Goodlatte said it, it's tremendously misleading here. It presumes that the information is "lawfully" collected, and also leaves out the rather key point that the amendment was merely blocking the ability to search the communications of Americans collected in this manner without a warrant. In other words, it not only totally misrepresented the amendment, but it purposely painted it in a ridiculous light, pretending that it was about blocking the NSA from doing something perfectly legal.
Given just how laughably misleading the House's own description of the amendment is, it's that much more incredible that the House overwhelmingly voted for the amendment, 293 to 123. In the end, it's a small miracle that it still passed, and by such a large margin -- but it also shows that many more in the House are realizing just how misleading leadership and "NSA-friendly" Representatives are being about these programs.
We've already written about the surprising, but encouraging, vote late last night to defund backdoor searches by the NSA. But it's worth looking at some of the floor debate on the amendment last night -- in particular the push against the amendment from Reps. Goodlatte and Ruppersberger, who both appear to flat out admit that the NSA does warrantless spying on Americans' communications, in direct contrast to earlier claims. The reasons for these two to argue against the amendment are clear. Goodlatte was the guy who negotiated the "deal" with the White House and the House Intelligence Committee to completely water down the USA Freedom Act, and he knows that this amendment puts some of the substance that he stripped out right back in. Ruppersberger, of course, represents the district where the NSA is headquartered, and is the ranking member for the House Intelligence Committee. His loyalty to the NSA over the American public has always been clear. But to have them basically admit that the NSA does warrantless spying on Americans is quite impressive. Here are both of them arguing against the amendment:
Goodlatte kicks it off by whining about how this undoes the "carefully negotiated compromise" in the USA Freedom Act. He leaves out that "carefully negotiated" was what happened after the markup, completely changing the nature of the bill. However, in describing the "existing minimization procedures," he notes (correctly) that the NSA isn't supposed to do searches on Americans, but then puts in the all-important "except" which undermines the whole thing and shows that the NSA is (contrary to the law) spying on the communications (not metadata) of Americans:
HR 3361 [the USA Freedom Act] also prohibits the government from using communications to or from a United States person or a person who appears to be located in the United States EXCEPT where the communication relates to a target under Section 702 or to protect against an immediate threat to human life.
Yeah, that's a pretty big "except." Remember, the NSA is not supposed to ever look at communications by anyone inside the US or an American citizen abroad without a warrant. Yet, Goodlatte flat out admits that the NSA does exactly that if the communications (again, not just metadata) "relate to a target." Now, remember, in discussing this how we recently highlighted that "relate to a target" means any communication about a target? In other words, Goodlatte is more or less admitting that if you merely mention Al Qaeda or Osama bin Laden in an email, the NSA has the right to read your email without a warrant. That's the backdoor search that so many people have been concerned about, which very clearly violates the 4th Amendment's requirement for a warrant. And here is Goodlatte pretending it's no big deal.
Goodlatte then notes that the NSA can't use Section 702 to "target" a US person, but that's misleading. Because the NSA can collect communications "to" "from" or "about" a target, it means that tons of communications (again, not just metadata) by US persons are being spied on by the NSA entirely without a warrant. And this gets bigger and bigger when the "target" is defined broadly.
Then Ruppersberger jumps in to add his "thoughts" on the amendment. He too flat out lies, and claims that the USA Freedom Act was a one-year process of "carefully considered negotiation and debate." That's not even remotely accurate. The original was left to sit and dangle until it appeared that there might be enough support for it, and then frantic negotiations took place to water it down before the markup. Then, after the markup, the White House stepped in and watered it down even further at the very last minute, so that most of those voting on it had no idea what was actually in it, and how it stripped out nearly every thing that "limited" the NSA. Then, he too, admits how it allows for warrantless spying on Americans, by spewing FUD about bomb threats in the US:
It makes our country less safe. It would prohibit the urgent search of lawfully collected information to thwart a bomb threat against a synagogue in Los Angeles, a church in Maryland or the New York Stock Exchange.
In other words, contrary to the claims before, Ruppersberger is directly admitting that it's used to spy on communications in the US. And, again, it wouldn't prohibit searches with a warrant, which are (contrary to what some claim) not that difficult to get.
Five minutes later, Goodlatte speaks again, and this time he's much angrier than before (perhaps having received some advanced warning that this amendment was going to pass overwhelmingly):
He kicks it off by saying that the USA Freedom Act "honors the 4th Amendment." But then goes on a FUD brigade, listing out a bunch of angry claims about terrorists in the middle east and how they want to attack us. Then there's the inevitable claims about how "the terrorism threat is growing" (which kind of undermines the claims that all this intelligence has been useful, no?), and ridiculously argues that this amendment "creates a blind spot" for the intelligence community. It does not. It just says that you need to have an actual warrant for spying on the communications of US persons, meaning that they can't just sweep up every email of every person who obliquely references "a target." Then, once again, he effectively admits that this is about spying on Americans:
[It would] create an impediment to the government's ability to locate threat information already in its possession.
This is misleading, but revealing. All the amendment did was say that the NSA can't do searches on the communications of US persons. The "impediment" is merely making sure that the NSA obeys the law which says it cannot spy on the communications of US persons without a warrant. By arguing that this creates an impediment to "threat information already in its possession," Goodlatte is admitting that the NSA is collecting communications of Americans without a warrant.
So, yeah, the next time someone argues that the NSA is either (a) not spying on Americans or (b) not spying on the actual content of communications, you might want to point them at these clips, in which two of the bigger NSA defenders have admitted that, in fact, that's exactly what the NSA does.
A week ago, we told you that there were plans for a very important amendment to slam the backdoor shut on the NSA's use of backdoor searches, as well as mandates for backdoors in technology. On Wednesday, we asked you to call your Representatives to support the Amendment. The story got almost no other press. And yet, last night, the amendment passed by an overwhelming majority, 293 to 123. And it was also an overwhelmingly bipartisan vote: Republicans voted for it 135 to 94, and Democrats voted for it 158 to 29. Go take a look at the vote results in the link above -- and if your Representative voted Aye, please go thank them for standing up to protect your privacy and 4th Amendment rights from the NSA. You can use the Sunlight Foundation's new Congressional email system. Separately, a huge shoutout goes to Reps. Zoe Lofgren, Thomas Massie and James Sensenbrenner for putting together this amendment in the first place. As we noted earlier this week, Sensenbrenner's support on the bill is perhaps the most striking, as it's a clear rebuke to House leadership for watering down his own USA Freedom Act.
As we stated, this amendment only fixes two specific problems. It stops the very questionable use of "backdoor searches" of information collected under the Section 702 program. This is the very questionable setup by which the NSA spies on Americans while insisting that they don't actually spy on Americans. It also blocks the NSA from mandating that any technology companies create backdoors in their software or hardware to enable wiretapping (such as the NSA forcing Skype to no longer be encrypted end-to-end).
In many ways, this is more important as a symbolic gesture than for the specifics -- but it should have a much wider impact as well. This is the first time that Congress has overwhelmingly voted to defund an NSA program. Last year's Amash Amendment came very, very close to defunding a different program (the Section 215 bulk records collection program), but by passing by an overwhelming margin, this vote is a pretty big sign that the House (on both sides of the aisle) is not happy with how the NSA has been spying on Americans. As mentioned above, it's also a big slap in the face to the White House and certain members of the House leadership who conspired to water down the USA Freedom Act a few weeks ago, stripping it of a very similar provision to block backdoor searches.
While this particular Amendment is far from a sure thing (it still needs to make it through a Senate equivalent and then the White House), it is quite important as a sign that the House really is fed up with the NSA's surveillance and how the USA Freedom Act process went. It should serve as a warning to the Senate, which is now considering its own version of the USA Freedom Act, that passing a similarly watered down version is simply not acceptable.
This is one step forward in a big process, but it is a big milestone. For the first time since the Snowden revelations began, the House overwhelmingly voted to defund some NSA practices. Once again, if you're an American, I urge you to look over the list of Aye votes, and send a thank you to those Representatives who took a stand for your privacy and against the NSA last night.
Last month, we wrote about how the USA Freedom Act was completely changed at the last minute in secret. This was even after the bill had been marked up and approved unanimously by two committees (Judiciary and Intelligence). Then the White House (read: NSA) came in and basically changed the bill around entirely, such that some say it's even worse than before. Earlier this week, it even came out that the very author of the USA Freedom Act, Rep. Jim Sensenbrenner, was frozen out of the final negotiations on his own bill, such that the final product looked nothing like the original. While some in Congress tried to warn their colleagues that the bill they were voting on had been changed in secret, many Representatives didn't fully comprehend what happened, and the bill passed.
While the official fight over the bill has now moved to the Senate (and early indications there are not good at all), Representatives in the House have another big chance next week with the giant Defense Appropriations bill. From what we've been hearing, a bipartisan group of Representatives will be introducing an amendment to put in two key measures that will block the NSA from two major abuses involving two different kinds of "backdoors." If Congress is actually serious about protecting the privacy of Americans and making sure the NSA cannot do domestic surveillance, this is the opportunity to prove it.
The first part of the amendment would put back in a bit of the USA Freedom Act that got stripped out at the last minute, stopping what has been referred to as "backdoor searches" of American's data that was collected under Section 702 of the FISA Amendments Act. This is content, not metadata, and the NSA has very wide leverage to search through it once it's been collected. While the NSA is not supposed to search on American's content, a sneaky "rule change" in 2011 gave the NSA the authority to run searches on Americans' content collected via this program, and it includes a lot of content. This is a very big deal. The NSA and its defenders have been using sneaky language to pretend they don't do searches on US persons' content, but that was proved untrue thanks to these backdoor searches. The expected amendment would say that the NSA can't do those searches without a warrant.
In short: here's a chance for Representatives in the House to tell their constituents that they support their privacy and have reminded the NSA how the 4th Amendment works. Will they take that opportunity, or will they continue to allow the NSA to spy on American's emails, files, documents, pictures, etc?
The second part of the amendment is expected to also block a different kind of backdoor: blocking the US government from mandating that any technology include backdoors for law enforcement (beyond what's currently required under the wiretapping CALEA statute). In other words, no more having the NSA go around and tell RSA to use compromised encryption. And no way for DOJ/NSA to force internet service providers to install backdoors into their technology. This is important for a variety of reasons, but most importantly, because any such backdoor will eventually (sometimes quickly) be discovered and exploited by those with malicious intent. In other words, this is another chance for Congress to show that they protect the privacy of Americans, by blocking one of the biggest threats to our cybersecurity: the NSA purposely weakening our technology and services.
This amendment won't fix all of the problems with the NSA (or even most of the problems with the NSA), but it will correct two very big problems, and it's a chance for the House to push back on the secret deal that was negotiated by the NSA at the last minute, which radically change the USA Freedom Act from a bill that reined in the NSA, to one that actually may have opened up more bad practices. If Congress really wants to show they believe in protecting the public, here's a chance. We'll have more details as this process moves forward, including looking at who is willing to step up and protect your privacy, and who's trying to weaken your privacy.
Last week, we wrote about the latest in the Jewel v. NSA case, where the Justice Department admitted to the EFF that the NSA was still destroying surveillance evidence, despite a temporary restraining order in March ordering it to stop. The EFF had rushed over to the court to get an emergency order to get the DOJ/NSA to stop -- and the DOJ flipped out, arguing that such an order was effectively impossible, since the information was quickly spread throughout many different systems, and stopping the program from deleting unnecessary info that was collected under that program (the so-called minimization efforts) might require the NSA to stop a huge amount of intelligence gathering, just to handle the situation. And, yes, there does appear to be some significant amount of irony in the idea that the DOJ insists that an order that it stop destroying evidence might mean that the NSA would have to stop collecting data in the first place. Either way, the judge was at least convinced enough that the court allowed the NSA to keep destroying evidence while the two sides further brief the issue, for a later ruling on whether or not the restraining order really applies to the information collected under Section 703 of the FISA Amendments Act.
For an agency whose motto is "Collect It All," the NSA's claim that its mission could be endangered by a court order to preserve evidence is a remarkable one. That is especially true given the immense amount of data the NSA is known to process and warehouse for its own future use.
The NSA also argued that retaining evidence for EFF's privacy lawsuit would put it in violation of other rules designed to protect privacy. But what the NSA presents as an impossible choice between accountability and privacy is actually a false one. Surely, the NSA — with its ability to sift and sort terabytes of information — can devise procedures that allow it to preserve the plaintiffs' data here without retaining everyone's data.
The crucial question is this: If the NSA does not have to keep evidence of its spying activities, how can a court ever test whether it is in fact complying with the Constitution?
The ACLU calls this "too big to comply," a play on the infamous "too big to fail" claims towards Wall Street during the 2008 economic crisis. Of course, back in 2008, I made a simple suggestion on the "too big to fail" argument, which would seem to apply equally here. Back then, I pointed out that if banks are "too big to fail," there's a reasonable solution that doesn't involve making them even bigger (which was the government's solution): it was to require them to get small enough to fail again. Basically, the government could offer them bail out money on the condition that the banks be reorganized in a manner that if particular pieces started to fail, it didn't create systemic risk to the entire system. In some forms it wouldn't be all that different than a traditional antitrust breakup. And, yes, there's a lot of complexity hidden within such a proposal, but it seems like the only thing that really made sense (though, unfortunately, no one in the government seemed to agree).
So, shouldn't we take the same approach with the NSA? If its systems are truly "too complex to comply" or "too big to comply" with preservation orders, then shouldn't the court require the NSA to change its systems such that it can actually comply with legal court orders to preserve evidence needed in lawsuits that explore the constitutionality of their surveillance efforts?
Well, this is unfortunate. After yesterday's back and forth between the DOJ and the EFF over the ongoing destruction of key evidence in the Jewel v. NSA case, the court ordered an emergency hearing for this afternoon. About an hour before the hearing, the DOJ presented its opposition to the temporary restraining order, arguing, basically, that it would be too damn complicated to stop destroying evidence in the case. Part of this is because the data collected under the Section 702 program apparently isn't just one big database, but is quickly fed into all sorts of other systems.
. Unlike the Section 215 telephony metadata program, which resides on a discrete
computer systems architecture, communications acquired pursuant to Section 702 reside within
multiple databases contained on multiple systems. Those databases and systems are designed to
effectuate FISC-approved minimization procedures that require (with certain limitations) the
destruction (purge) upon recognition of certain communications and the age-off of certain raw
data within either two years or five years from the expiration of the certification authorizing its
acquisition. Halting these purges and age-offs to preserve all Section 702 material, as we
understand the Court to have ordered, would require significant technical changes to these
databases and systems and would have the effect of forcing NSA into non-compliance with
FISC-approved minimization procedures, thus placing the entire program in legal jeopardy
In short: because we're ordered to delete some data by the law to avoid spying on Americans, to now ask us not to delete any data would violate the law that says we have to delete some data. And, to figure out how to do this would be crazy confusing, because the NSA is a giant bureaucratic machine of spying, and you can't just throw a rock into it like that. Or something:
Changes of this magnitude to database and systems architecture normally take months to
engineer and test; to comply immediately with the Court’s order, the NSA may have to shut
down all the databases and systems that contain Section 702 information. Such a shutdown
would suspend acquisition of communications pursuant to Section 702 and analyst access to
communications acquired under Section 702. NSA would lose access to what would be
otherwise lawfully collected signals intelligence information on foreign intelligence targets that
are vital to the performance of NSA’s foreign intelligence mission. Section 702 is the most
significant tool in NSA’s arsenal for detecting, identifying, and disrupting terrorist threats to the
United States and around the world. The impact of a shutdown of the databases and systems that
contain Section 702 information cannot be overstated.
After the hearing, the judge sided with the NSA/DOJ, basically saying that the original temporary restraining order blocking the destruction of evidence (from back in March) still stands, but that the issue of whether or not it actually also covers data collected under Section 702 will be briefed at a later date, and until that time the DOJ/NSA are free to continue destroying evidence.
If there's some sort of silver lining to all of this, it's at least the acknowledgement that the NSA really does have a minimization process to not hang onto information it's not supposed to have, and that it's not immediately easy to turn off the process of getting rid of that data. But, still, that's a small consolation, given the seriousness of the issues in the case, and the fact that the destroyed evidence may highlight more serious abuses by the NSA in conducting surveillance on Americans.
So, remember how we wrote about the big EFF filing in the Jewel v. NSA case, about how the NSA and DOJ had been knowingly destroying key evidence by pretending that they thought the preservation orders only applied to one kind of spying, and not the kind that was approved by the FISA Court (despite at other times admitting that the surveillance at issue in the case was approved by the FISA Court)? Yeah, so, yesterday, the EFF realized that despite the big kerfuffle this whole thing had caused, the NSA and DOJ were still destroying that evidence, and sprinted over to the court to file for an emergency temporary restraining order on the government.
In its TRO, the Court ordered the government to refrain from any further destruction of
evidence pending final resolution of the parties’ dispute over the government’s evidence
preservation obligations: “Accordingly, it is HEREBY ORDERED that Defendants, their officers,
agents, servants, employees, and attorneys, and all those in active concert or participation with
them are prohibited, enjoined, and restrained from destroying any potential evidence relevant to the
claims at issue in this action, including but not limited to prohibiting the destruction of any
telephone metadata or ‘call detail’ records, pending further order of the Court.” ECF No. 189 at 2
(emphasis added). In its Amended Minute Order, the Court reiterated that the TRO’s prohibition
on any evidence destruction remains in effect until the Court has finally decided the evidence
preservation dispute: “The Court extends the temporary restraining order issued on March 10,
2014 until a final order resolving the matter is issued.” ECF No. 206 at 1.
In communications with the government this week, plaintiffs learned to their surprise that
the government is continuing to destroy evidence relating to the mass interception of Internet
communications it is conducting under section 702 of the Foreign Intelligence Surveillance Act.
This would include evidence relating to its use of “splitters” to conduct bulk interceptions of the
content of Internet communications from the Internet “backbone” network of AT&T, as described
in multiple FISC opinions and in the evidence of Mark Klein and J. Scott Marcus....
Ridiculously, the DOJ claimed that it did not believe the original TRO covered internet content interceptions, and thus was still destroying such evidence. It just said it believed the court was still determining if the TRO applied to such evidence. It took very little time for the court to respond, telling the DOJ to file an immediate response and in the meantime to stop destroying the freaking evidence.
On June 5, 2014, the Court received an emergency filing from Plaintiffs in which they
contend that the government may be in violation of the Court’s restraining order. Defendants
shall file a response to Plaintiffs’ emergency filing by no later than 12:00 noon PST on Friday,
June 6, 2014. At that time, the Court shall decide whether and when to have a hearing on this
matter. In the interim, the restraining order remains in effect: Defendants are ordered not to
destroy any documents that may be relevant to the claims at issue in this action, including the
Section 702 materials
This is pretty damn egregious. There is simply no way that the DOJ could properly read the original TRO to mean that it can continue to destroy this evidence. To pretend that's a possible reading, especially given all the clear notifications of both EFF's and the court's concerns, is clearly the DOJ and NSA just playing dumb for the sake of being able to destroy more evidence.
And while the DOJ had until today to file its response, late yesterday it filed a very short response, demanding the judge issue an emergency stay on the TRO it had just issued, saying that complying with it would "cause severe operational consequences."
Undersigned counsel have been advised by the National Security Agency that compliance
with the June 5, 2014 Order would cause severe operational consequences for the National
Security Agency (NSA’s) national security mission, including the possible suspension of the
Section 702 program and potential loss of access to lawfully collected signals intelligence
information on foreign intelligence targets that is vital to NSA’s foreign intelligence mission.
It also promises to file a more complete response today, which we'll try to add here once it's out. This response seems bizarre. It's unclear why an order to not destroy evidence would mean that the Section 702 program would need to be suspended entirely. Either way, EFF lawyers had to stay up late last night, rushing out their own reply to the DOJ's frantic freakout.
It is not credible that, as the government contends, simply refusing to destroy during the
next 18 hours the communications it has intercepted will cause “the possible suspension of the
Section 702 program.”... How can the preservation of these intercepted
communications cause a “loss of access to lawfully collected signals intelligence information”? ...
That information will remain accessible even though it is being preserved.
More fundamentally, the unspoken but unmistakable foundation of the government’s
position is a contention that it never understood before this afternoon that the Court’s TRO
required it to preserve evidence relating to its interception of Internet communications. This, too,
lacks any credibility, especially in light of the extensive discussions between Court and counsel at
the March 19, 2014 hearing on the evidence preservation dispute. The government’s disregard for
the past three months of its obligations under the Court’s TRO should not be retroactively blessed
by granting a stay that permits the government to continue destroying evidence.
