colleen kollar-kotelly – Techdirt (original) (raw)

from the how-is-john-yoo-not-in-jail? dept

Oh, John Yoo. The former top Bush administration lawyer — who is already well-known for writing that administration’s (totally bullshit) “legal defense” for torture — has also been an outspoken advocate for NSA surveillance as well. Soon after the Snowden revelations, Yoo defended the NSA arguing that the 4th Amendment shouldn’t apply to the NSA because it takes too long. Then, he said that judges shouldn’t be allowed to determine if the NSA violated the 4th Amendment because they’re too out of touch with the American public. It’s long been known that Yoo also was deeply involved in creating the legal justifications for that very warrantless surveillance program he’s been defending, and now, finally, years later, the Office of the Director of National Intelligence has released the May 17, 2002 letter that Yoo sent to the FISA Court chief judge Colleen Kollar-Kotelly. You can read it here.

As the ODNI release notes, Judge Kollar-Kotelly was allowed to read the letter, justifying the NSA’s warrantless surveillance on Americans, but “was not authorized to retain a copy or take notes” because nothing says transparency democracy like secret interpretations of the law where no one’s allowed to know the details, and the people overseeing it are only allowed to glance at the justifications. It was the “re-evaluation” of this John Yoo rationalization that created the now infamous hospital room showdown in March of 2004, when some in the administration realized that Yoo was basically full of shit.

Anyway, now the Yoo memo (with plenty of redactions, of course!) has been released, and we can see just how absolutely ridiculous the whole thing was. In short, Yoo argues that even though, historically, the NSA was not allowed to do warrantless surveillance on Americans and the Foreign Intelligence Surveillance Act (FISA) made it clear that domestic surveillance needed to first be approved with warrants to the FISA Court (which is barely a court anyway), there was nothing that said that had to be the case, and the President was basically free to turn the NSA loose to spy on Americans without any FISA approval. First, he notes that the NSA is not technically or legally limited in surveilling Americans, even if it historically avoided doing so:

In short, that says because Congress didn’t explicitly limit the NSA in the same manner as the CIA, that must mean it’s okay for the NSA to spy on Americans. This basically ignores the history and rationale for the NSA, which was entirely secret for much of its early history anyway, and created and run out of the executive branch with little Congressional oversight. Yoo then admits that the driving executive order that enables much of the NSA’s activities — the infamous Executive Order 12333does explicitly say that the NSA can only conduct foreign signals intelligence surveillance, but that doesn’t matter, because future Presidents aren’t bound by previous Presidents’ executive orders. He also argues that if the NSA is spying on Americans in order to seek “significant foreign intelligence,” then it’s perfectly fine as well.

He then admits, generously, that even though there’s no actual legal restriction (in his mind) on the NSA spying on Americans, that it could “be in tension with FISA” since FISA requires a warrant for domestic surveillance. But fear not, evil legal genius John Yoo has a bullshit way around that as well. He goes through a detailed description of the limits of getting a warrant approved by FISA and bemoans the fact that it wouldn’t be possible to intercept all phone calls from a certain country under FISA.

And here’s where he gets really tricky. He says that FISA is not necessarily a limitation on what kind of surveillance can be done, but merely a safe harbor such that if you follow it you’re automatically presumed safe under the 4th Amendment. However, he insists that FISA cannot limit the President’s constitutional powers, and thus the President can still order warrantless domestic surveillance outside of FISA, and the only issue is that it’s outside of the FISA “safe harbors” — so it may not be automatically presumed in compliance with the 4th Amendment:

From there, he goes on for a while insisting that the President has the Constitutional power to order warrantless surveillance basically whenever he wants, with the only limitation being the 4th Amendment (which we’ll get to). And then he pulls a neat little trick, insisting that the President doesn’t require a warrant for conducting surveillance for national security related purposes (pointing to some caselaw involving questions around due process in espionage cases), and notes that, even better, FISA itself means that “surveillance conducted for national security purposes is not subject to the same Fourth Amendment standards that apply in domestic criminal cases.”

Did you see the neat trick he played there? First, he showed that the President can ignore FISA and Executive Order 12333, and then used FISA (which he already said the President could ignore) to argue that the 4th Amendment standards don’t really apply either. You want to know why lawyers get a bad name for bullshit arguments? Look at John Yoo — and then remember that his bullshit arguments weren’t just around a single case, but to justify spying on all Americans without a warrant (we’ll leave aside the fact that he did the same thing for torture as well).

From there, he actually argues that a court reading FISA to restrict the President would create a constitutional conflict:

This is a pretty fascinating rewriting of history. The whole point of the Foreign Intelligence Surveillance Act was to put limits and oversight on the collection of foreign intelligence information. And here Yoo argues that Congress intended no such thing as the very purpose of the law. That’s kind of astounding.

From there, Yoo then tries to argue that warrantless wiretapping of basically everyone in America also does not violate the 4th Amendment. First, he argues that the 4th Amendment does not apply to non-US persons. Next, he said that communications that leave the US electronically are also no longer subject to the 4th Amendment due to the “border search exception” — an issue that we’ve discussed plenty of times for people who have had their laptops searched as they enter the country. This, apparently, is part of Yoo’s 4th Amendment loophole. Any communications involving Americans that happens to slip outside of US borders loses any 4th Amendment protections. The fact that it’s digital, not physical, makes no difference according to John Yoo’s extremely distorted moral compass. But, he admits that there might be some concerns about the border search theory with regards to the contents of email and phone calls, so he has a trick: how about we just say the 4th Amendment doesn’t apply to the metadata, and we’ll call it even.

Then he uses the infamous Smith v. Maryland case, that established the Third Party Doctrine to argue further that there’s no 4th Amendment issue with sucking up all metadata. We’ve heard this argument many times in court by now. Because this one 1979 ruling, which was about whether or not law enforcement could get the phone records of a single phone from a person that they were tracking for criminal behavior, that means that everyone has given up any expectation of privacy in any metadata they have on any communications record — including email. This also suggests Yoo has no clue how email works. The reason that the phone records were considered legit was because the phone company had to track all of your phone calls for billing reasons, and thus had a “legitimate business purpose” in keeping track of all your phone record metadata. That’s not how email works, but Yoo basically pretends it does:

My ISP doesn’t get access to who I email. Because that’s not how email works.

Next up, Yoo argues that because the Fourth Amendment was really designed to deal with “curbing law enforcement abuses,” it really shouldn’t apply to support for “military operations.” And since the response to 9/11 is really about military operations, the 4th Amendment shouldn’t apply to spying on all Americans because it’s to support that purpose:

Finally, he argues that even if this program were subject to the 4th Amendment, which he doesn’t think it should be, that’s still okay, because snooping on every American’s communications is still “reasonable” under the 4th Amendment… because TERRORISTS!!!!!!!

In short, Yoo basically wipes aside anything that protects Americans from mass surveillance, despite the fact that the 4th Amendment was specifically designed to stop “general warrants” that allowed for mass surveillance, and despite the fact that FISA was passed to stop government abuse of surveillance powers. To Yoo, there’s an excuse for basically any kind of government intrusion on our private lives, and even if the laws and Constitution do apply, no problem, you just shout “terrorism” and all is allowed.

This is a really sickening letter. At the very least, it should have been made public at the time it was written so that it could have been debated (and trashed as ridiculous) at the time it was made. Instead, it was done in secret, given to a judge who could only read it and not keep it or take notes, and then wasn’t revealed publicly for almost 14 years. This is not how a democracy is supposed to function.

Filed Under: 4th amendment, colleen kollar-kotelly, email, fisa, john yoo, legal rationale, metadata, nsa, surveillance, warrantless surveillance, warrantless wiretapping

Newly Released Documents Show NSA Abused Its Discontinued Internet Metadata Program Just Like It Abused Everything Else

from the so,-more-of-the-same,-then? dept

James Clapper’s office (ODNI) has released a large batch of declassified documents, most of which deal with the NSA’s discontinued Section 402 program. What this program did was re-read pen register/trap and trace (PR/TT) statutes to cover internet metadata, including sender/receiver information contained in email and instant messages. (Not to be confused with the Section 702 program, which is still active and harvests internet communications.)

Notably, this marks only the second time that the ODNI has acknowledged the document release has been compelled by a FOIA lawsuit.

Following a declassification review by the Executive Branch, the Department of Justice released on August 6, 2014, in redacted form, 38 documents relating to the now-discontinued NSA program to collect bulk electronic communications metadata pursuant to Section 402 of the FISA (“PRTT provision”). These documents are also responsive to a Freedom of Information Act request by the Electronic Privacy Information Center.

As EPIC’s site notes (and the ODNI’s doesn’t), the program was authorized in 2004, but no legal justification was provided to Congressional oversight until a half-decade later. Contrast that fact with the ODNI’s statement:

The information released on August 6, 2014, together with documents previously released, demonstrates the extent to which the IC sought and received FISC approval to collect electronic communications metadata under the PRTT provision, the oversight regime of internal checks over the program, and that Congress was kept fully apprised of the status of NSA’s electronic metadata collection.

Apparently, in intelligence jargon, “fully” is synonymous with “eventually.”

Despite the program being discontinued, the documents are still heavily redacted. For instance, in the original opinion and order that found the bastardized PR/TT compliant with the Fourth Amendment, the government’s description of “meta data” runs multiple pages, almost all of it covered in black. The government acknowledges the email metadata, but redacts everything else — including testimony given on record to legislators. Chris Soghoian of the ACLU easily found some of the redacted text elsewhere on the web.

So, the declassification review apparently decided the public shouldn’t know the NSA collected instant messaging with its discontinued program. Too bad it was discussed openly in a Senate hearing.

The government’s memorandum in support of this wide-open interpretation of PR/TT also contains an expansive redefining of the word “relevant.” As Marcy Wheeler points out, the administration and the DOJ stretch the definition to mean “almost all” and then pretend they’ve done nothing at all. (Wheeler also has posted two very informative posts with further details from the newly-released documents.) From the memo:

Here, by contrast, reading the term “relevant” to permit the collection of this critical information during wartime is a construction rooted in the text that requires no stretching of the ordinary meaning of the terms of the statute at all. In fact, for all the reasons outlined above, interpreting section 402 to authorize the collection the Government has requested in the best reading of the plain terms of the Act.

To the government, the most insanely expansive reading is the “best” reading. As Wheeler notes, this self-congratulatory paragraph is another example of why secret courts are dangerous.

This is why you should not have secret courts.

I get making an aggressive push to authorize dragnet surveillance.

I get mining old and foreign dictionaries to come up with a definition that suits your needs.

But after you’ve made your best ditch effort to stretch the meaning of words, secretly, beyond all recognition, don’t then, secretly, pat yourself on the back pretending that wasn’t the game you just pulled.

But it’s still, to this day, a secret court. And the documents released show it’s still a largely deferential court — one that actively allows the administration and the NSA to do its thinking for it. It’s never been an adversarial court and has only very rarely acted like it’s part of a system of checks and balances. In Judge Kollar-Kotelly’s long defense of mutating PR/TT into an internet metadata dragnet, she puts words in Congress’ mouth and removes potential roadblocks with alarming speed. Whatever slack the FISA Court fails to cut the administration, it cuts for itself. From the same memorandum quoted above:

Here, construing FISA to preclude the signals intelligence activities that the Executive Branch has concluded are vital to wartime defense of the Nation would raise a grave constitutional question about whether the statute, as so construed, impermissibly impinges on the President’s constitutionally assigned authorities as Commander in Chief and Chief Executive.

[…]

In almost all cases of potential constitutional conflict, if a statute is construed to restrict the Executive, the Executive has the option of seeking additional clarifying legislation from Congress. In this case, by contrast, the Government cannot pursue that route because seeking legislation would inevitably compromise the secrecy of the collection program the Government wishes to undertake.

That’s the Executive Branch cutting the Legislative Branch out of the loop, and doing so with assistance provided by an offshoot of the Judicial Branch. That’s the vaunted oversight being kicked to the curb in order to oblige the NSA. The system of checks and balances apparently is unworkable during times of war.

All of this is unsurprising, given what we’ve learned about the FISA court over the past several months (as well as the government’s arguments in support of dragnet surveillance programs). Equally as unsurprising is the fact that the NSA immediately took this new program and abused it, just like it’s abused everything else it’s been entrusted with by the FISA Court.

A now-defunct National Security Agency (NSA) bulk collection program that collected information about online communications exceeded its authority, collected too much, and shared that information too freely, recently declassified court documents show

The government, the document indicates, “acknowledges that NSA exceeded the scope of authorized acquisition continuously during the more than [redacted] years of acquisition under [the] orders.”

When not abusing the limits of the program to gather information it shouldn’t have had access to, the NSA was sharing its ill-gotten goods with other government agencies, ignoring its own rules about dissemination by distributing unminimized US persons’ data. But despite this evidence of wrongdoing, no one was punished and, in fact, the government didn’t even feel compelled to explain its actions to the court.

As was noted above, the supposed oversight that’s supposed to help prevent this sort of abuse wasn’t even apprised of the program until five years after the FISA court gave its approval. The documents forced out of the NSA’s hands by a handful of lawsuits clearly shows the agency can’t be trusted to police itself and isn’t interested in letting anyone else tackle that job.

Filed Under: colleen kollar-kotelly, fisa, fisa court, fisc, internet metadata, nsa, section 402, surveillance

from the well-look-at-that dept

One of the most common defenses of the NSA’s bulk phone record collection (in which they get access to the record of basically every phone call in the US) is that the program has been reviewed and reapproved by the FISA Court every few months. Especially after the ruling by Judge Richard Leon calling the program unconstitutional, defenders of the program kept insisting that “every other judge” who reviewed the program had found it legal, with basically all of those other judges being the FISA court. Just yesterday, for example, Attorney General Eric Holder claimed that “at least 15 judges on about 35 occasions have said that the program itself is legal.”

Except… that’s not actually true. We already wrote about yesterday’s release of the PCLOB’s scathing report on how the program was both illegal and unconstitutional, but wanted to highlight one key point from early in the report, in which the PCLOB notes that the FISC never even bothered to look at whether or not the program was really legal until after it hit the press when Snowden leaked the details to Glenn Greenwald and Laura Poitras.

The Section 215 telephone records program has its roots in counterterrorism efforts that originated in the immediate aftermath of the September 11 attacks. The NSA began collecting telephone metadata in bulk as one part of what became known as the President’s Surveillance Program. From late 2001 through early 2006, the NSA collected bulk telephony metadata based upon presidential authorizations issued every thirty to forty-five days. In May 2006, the FISC first granted an application by the government to conduct the telephone records program under Section 215. The government’s application relied heavily on the reasoning of a 2004 FISA court opinion and order approving the bulk collection of Internet metadata under a different provision of FISA.

On June 5, 2013, the British newspaper The Guardian published an article based on unauthorized disclosures of classified documents by Edward Snowden, a contractor for the NSA, which revealed the telephone records program to the public. On August 29, 2013, FISC Judge Claire Eagan issued an opinion explaining the court’s rationale for approving the Section 215 telephone records program. Although prior authorizations of the program had been accompanied by detailed orders outlining applicable rules and minimization procedures, this was the first judicial opinion explaining the FISA court’s legal reasoning in authorizing the bulk records collection. The Section 215 program was reauthorized most recently by the FISC on January 3, 2014.

We had noted earlier this week that the NSA had relied heavily on that 2004 opinion by Judge Colleen Kollar-Kotelly, which was not about the Section 215 program, but rather a different program to collect internet metadata (since discontinued). What many had suspected, but was not clearly stated until now, was that the FISA Court didn’t actually bother to do any real analysis of the phone bulk collection data program until after it became public.

It was pretty clear when Judge Eagan’s ruling was released in September, that it was written for a post-Snowden world, in which the FISC actually had to explain its bizarre contortionist explanation for how collecting every phone record could possibly be legal or Constitutional. But what wasn’t quite known was that this was the first time a FISC judge had ever really bothered to look closely at the issue — seven years after starting to reapprove the program, with no analysis at all, every three months.

So this idea that the program was approved by 15 judges on 35 occasions is not even close to accurate. What seems clear is that FISC judges more or less let this issue slide for seven years, assuming (based on nothing) that because of Judge Kollar-Kotelly’s (already immensely troubling) ruling concerning internet metadata, involving a different authority, that the bulk phone records collection must also be legal under Section 215. It was only over the summer that Judge Eagan was given the unenviable task of trying to come up with an opinion to justify all of that in retrospect, which explains why the reasoning in the opinion was so laughable and easily poked full of holes by nearly everyone who looked at it — including those more inclined to support the program.

Either way, it’s fairly shocking that FISC basically didn’t bother to explore the legal issue at all until called on it. It also shows (1) why what Snowden did was so important and (2) why having an adversarial process in place is also important.

Filed Under: claire eagan, colleen kollar-kotelly, eric holder, fisa court, fisc, legal justification, pclob, section 215

Declassified Opinion On Bulk Email Collection Details More Abuse By The NSA

from the and-yet-the-program-received-a-green-light dept

As more NSA-related documents are forced out into the public eye, the narrative contained within the court opinions is at odds with the NSA’s continuous declarations that utmost care has been taken to prevent violating the privacy of Americans.

A previous release detailed how FISC Judge Reggie Walton nearly shuttered the Section 215 program in 2009 due to widespread abuse by NSA analysts. The evidence uncovered by internal audits and the agency’s own admissions led Walton to issue this damning statement:

The minimization procedures… have been so frequently and systemically violated that it can fairly be said that this critical element of the overall BR regime has never functioned effectively.

The NSA’s bulk internet metadata program (Stellar Wind) was also suspended for several months due to numerous violations. Judge John Bates, taking over for Kollar-Kotelly (who issued the opinion granting the NSA permission to collect internet metadata on Americans by using a very generous reading of the pen register statute), makes it clear he’s wholly unimpressed with the agency’s trustworthiness.

Although the specific terms of authorization under those orders varied over time, there were important constants. Notably, each order limited the authorized acquisition to [redacted] categories of metadata. As detailed herein, the government acknowledges that NSA exceeded the scope of authorized acquisition continuously during the more than [redacted] years of acquisition under these orders.

Although all dates are redacted, the opinion does cite Judge Walton’s 2009 findings (in reference to the Section 215 program). The authorization of the email metadata collection seems to have been granted in 2005 (at least in terms of targeting Americans), suggesting that we’re looking at close to another half-decade of abuse by the agency in this program — abuse that saw this program temporarily suspended as well.

Despite these almost-concurrent (and lengthy) episodes of abuse, the government not only sought reinstatement of the program, but also an expansion.

The current application relies on this prior framework, but also seeks to expand authorization in ways that test the limits of what the applicable FISA provisions will bear. It also raises issues that are closely related to serious compliance problems that have characterized the government’s implementation of prior FISC orders.

The court points out in a footnote that the oversight it’s supposed to provide (and that its defenders constantly point to) is severely hampered by the government itself.

The government argued that “FISA prohibits the Court from engaging in any substantive review of this certification,” and that “the Court’s exclusive function” was “to verify that it contains the words required” by the statute.

The court wasn’t impressed by this argument (but ultimately decided in favor of the government anyway) but it’s telling that the government would choose to read the Act as supportive of thwarting oversight.

Even when the government itself is presenting its case, it still can’t find a way to make the violations appear minimal.

As described by the government, the unauthorized collection resulted from failures to [redacted] in the manner required… By the government’s account, the lack of required [redacted] did not result from technical difficulty or malfunction, but rather from a failure of “those NSA officials who understood in detail the requirements of the [redacted] Opinion… to communicate those requirements effectively…”

The government assessed the violations to have been caused by “poor management, lack of involvement by compliance officials, and lack of internal verification procedures — not by bad faith.”

The scenario painted by the government is one of minimal care being taken with the dragnet’s data collection. It appears no one can be bothered to do the job right, even when entrusted with data of millions of Americans. This would be one thing if the agency was tiny and not tasked with national security. It’s quite another when the agency declares that national security trumps privacy concerns and then half-asses its way through each workday. You don’t need “bad faith” when you’ve got lousy management and zero interest in fixing the problem.

The court also notes that the surveillance programs (both the phone and internet metadata) were prone to overcollection. A few heavily-redacted paragraphs leaves just enough substance to indicate the size of the problem.

Notwithstanding this and many similar prior representations, there in fact had been systemic overcollection since [redacted]…

The government later advised that this continuous overcollection acquired metadata obtained at many other types of data” and that “[v]irtually every record” generated by this program included some data that had not been authorized for collection

The government has provided no comprehensive explanation of how so substantial an overcollection occurred, only the conclusion [lengthy redaction]… The government has said nothing about how the systemic overcollection was permitted to continue [lengthy redaction].

However, given the duration of this problem, the oversight measures ostensibly taken since-to detect overcollection, and the extraordinary fact that NSA’s end-to-end review overlooked unauthorized acquisitions that were documented in virtually every record of what was acquired, it must be added that those responsible for conducting oversight at NSA failed to do so effectively.

The conclusions are ugly but are ultimately of little consequence. The program was reinstated. There’s a long discussion about the terminology being used in these court orders (along with some talk about whether a URL is “content” or “data,” p. 32-33) and several fully-redacted pages presumably detailing the metadata the NSA is authorized to collect (p. 35-52). The government’s discussion on what is or isn’t content (according to the NSA dictionary) contains another long stretch of uninformative blackness that spans from page 57 to page 70.

When we finally arrive at the government’s request to expand the authorization of its highly-modified “pen register,” we get some indication of exactly how much more metadata the agency was looking to grab.

The current application, in comparison with prior dockets, seeks authority to acquire a much larger volume of metadata at a greatly expanded range of facilities,” while also modifying — and in some ways relaxing — the rules governing the handling of metadata. In the foreseeable future, NSA does not expect to implement the full scope of the requested authorization because of processing limitations. [redacted] Response at 1. Even so, NSA projects the creation of [redacted] metadata records per day during the period of the requested order, compared with the norm under prior orders of approximately [redacted] records per day. Id. That is roughly an 11- to 24-fold increase in volume.

Despite the leap in volume and the stated misgivings about the NSA’s ability to do its job properly, the court granted both the expansion and continuation of the program. The court asked for a few minimal concessions (limited to two “hops,” RAS [reasonable articulable suspicion) searches only, an expiration date on stored data [180 days for Americans, one year for the rest of the world], additional reporting from the NSA), but other than that, allowed the bastardization of the pen register statute to sail through. About the only roadblock erected is the declaration that the previously unauthorized collections summarized early in the opinion were effectively off limits to NSA analysts, thanks to wording contained in the FISA Act itself.

We’re still in the dark as to what specifically the NSA was authorized to collect under the heading of “metadata” in this program. The information we do have has come from Snowden’s document leaks, not from the DNI’s “magnanimous” compelled response to court orders. Considering so much of this info is already out in the open, you would think the ODNI would have applied the black pen a little less heavily.

What we have learned is that the FISA courts have been delivered report after report of abuse by the NSA and has, with rare exceptions, allowed the agency to continue its collections uninterrupted. The “rubber stamp” may be able to craft 100+ page opinions filled with sincere discussions of the program’s merits and the NSA’s seeming inability to not exceed its authority, but when it’s all said and done, the court allows the collections to proceed.

Filed Under: abuse, colleen kollar-kotelly, email, john bates, metadata, nsa, section 215, stellar wind, surveillance

Declassified Opinion Shows The NSA Exploited Pen Register Statutes To Collect Internet Metadata On Millions Of Americans

from the the-box-has-no-edges... dept

The Office of the Director of National Intelligence has just released a very large set of declassified documents, covering a variety of topics. (Just a friendly reminder: these documents are being released because of a court order, not because the ODNI loves transparency, no matter how it’s phrased at I CON THE RECORD.) Of particular interest is one that appears to be the original court opinion that gave the NSA permission to collect bulk internet metadata on Americans, better known as the Stellar Wind program, which ran for a decade before being shut down in 2011.

Orin Kerr, writing for (watch your step) the Lawfare blog, breaks down the questionable arguments the government presented and the leaps the presiding judge (Colleen Kollar-Kotelly) made to grant this request.

To begin with, the government presents this collection as nothing more than a modern-day pen register. As Kerr explains, the privacy bar for pen registers is set incredibly low.

The federal pen register authorities use a mere certification standard. Under the national security version of the pen register statute, the FISC is required to approve an application for pen register surveillance whenever the Attorney General (or an attorney he designates) certifies under oath “that the information likely to be obtained” from the monitoring “is relevant to an ongoing investigation to protect against international terrorism or clandestine intelligence activities,” 50 U.S.C. 1842(c)(2). As long as the government has issued its certification, and the judge concludes that the government’s application falls within the statute, “the judge shall enter an ex parte order.” 50 U.S.C. 1842(d)(1). The government doesn’t have to say why it thinks the standard has been satisfied; it just certifies under oath that it does. And the judge has no authority to look behind the government’s assertion to see if its factual basis is strong, weak, or completely absurd. See generally In re Application of the United States, 846 F.Supp. 1555 (M.D. Fla. 1994). The judge’s only role is making sure the government checked the box and made the required certification under oath.

There’s a reason why the bar is set so low. It’s inherently limited.

The pen register authority permits monitoring of a suspect’s non-content metadata unprotected by the Fourth Amendment for a window of time, investigative steps outside the Fourth Amendment than are akin to tailing a suspect in public or obtaining a mail cover to monitor the outside of their mail.

So, all a judge is looking for is a box ticked by a US Attorney. If that’s present, then the pen register collection can proceed. But this is a surveillance method that is targeted at one particular suspect. It’s not used to collect data on multiple persons at one time. Certainly multiple pen registers can be obtained in order to collect multiple sets of metadata, but each request is singular. Or was, until the NSA decided to extrapolate the singular pen register into a bulk collections program.

[I]t wanted an order forcing a provider to record and disclose Internet metadata in real time on an ongoing basis for potentially tens of millions of customers, all with a single order obtained with no judicial review based on a mere certification by the Attorney General.

The government took this low bar and convinced a judge that there was technically no difference between collecting metadata on ONE person and collecting metadata on millions. It wasn’t just the government doing the rhetorical legwork. Kerr points out that the presiding judge ignored several statutory clues within the pen register law that indicated it was never meant to be used for bulk, untargeted collections.

The statute authorizes the judge to issue an order requiring the installation of “a” pen register to monitor “the person who is the subject of the investigation.” 50 U.S.C. 1842(d)(1)-(2). This is written in the singular, suggesting that each pen register requires a subject.

Furthermore, she buys into the government’s arguments that the ends justify the means.

She then concludes that the bulk collection is reasonable in a Fourth Amendment sense — not that the Fourth Amendment applies, as this is just metadata, but rather in the policy sense that the program represents a sensible balance between security and privacy along the lines of that required under Fourth Amendment reasonableness precedents. The application is thus granted because, all things considered, the program does seem to be a pretty good way to find terrorists. See pages 49-54.

This argument has been used more than once by the government to defend the NSA’s collections. The government extrapolates from the fact that if something isn’t a violation of civil liberties for one person (i.e., bulk records collections) than it’s not a violation when the program collects records on millions. The courts have backed this up: rights do not spring into existence ex nihilo.

The government used this argument to address Basaaly Moalin’s claims that records obtained under the Section 215 program violated his constitutional rights. In the most basic terms, it claimed that if an intelligence (or law enforcement) agency can surveil one person without violating their Fourth Amendment rights (using bulk records, etc.), it can do it to everyone. (Perversely, it then spins around and claims this is why no one has standing to sue the government over these untargeted collections.)

So, the expansion of the previously targeted pen register program into a bulk internet metadata collection relied on the same basic argument. Even if the statute is written in a way that specifies singular targeting, the government would argue that the statute is equally applicable to collecting data on millions of people — all of it needing no more authority than a signature of a United States Attorney.

All things considered, it’s rather surprising the Stellar Wind program was shut down. The NSA certainly has shown no desire to eliminate a program, even if it produces large amounts of nearly-useless data. More than likely, the program was just supplanted by a better dragnet. Right about the time Stellar Wind shut down, a rules change to the Section 702 collections program gave the NSA “permission” (via a new loophole) to target Americans directly.

Also of note: while there’s no date on this document (redacted, of course), the internal citations [Lamie V. United States Trustee, 124 S. Ct. 1023, 1030 (2004), p. 7; Engine Mfrs. Ass’n v. South Coast Air Quality Mqmt. Dist., 124 S. Ct. 1756, 1761 (2004), p. 14] suggest this opinion was the end result of another post facto search for permission by the NSA. The program supposedly began in 2001, but the court doesn’t actually address the collection until 2004, at the earliest. This may be the point that the NSA first sought to collect metadata on Americans, with all previous collections being foreign only — but without further documentation (and factoring in the agency’s tendency to collect first, seek approval later), there’s no way to tell if the NSA was collecting internet metadata without even the barest minimum of legal approval previous to this opinion.

Filed Under: colleen kollar-kotelly, email, fisa court, fisc, internet, metadata, pen register

Judge Tells Homeland Security To Shut Up And Release Aaron Swartz's File

from the about-time dept

After Aaron Swartz’s suicide, Kevin Poulsen filed a Freedom of Information Act (FOIA) request to the Department of Homeland Security, asking for the Secret Service’s file on Aaron Swartz, since it was the Secret Service that handled the bulk of the investigation. Aaron, himself, was a big user of the FOIA process, including retrieving his own FBI file concerning his earlier run-in with the authorities over downloading PACER material. So it seemed bizarre that the Secret Service denied Poulsen’s request, “citing a FOIA exemption that covers sensitive law enforcement records that are part of an ongoing proceeding.” Considering that the case was closed and Swartz was dead, that seemed like a ridiculous excuse.

Poulsen went through the official appeal process, which was ignored leading him to officially sue. In May, the government admitted that the law enforcement exemption no longer made sense, but then continued to do nothing about releasing the documents. However, Judge Colleen Kollar-Kotelly (a former FISA Court judge, and a name associated with various other high profile cases over the years) has now ordered the government to begin releasing the documents it has held about Aaron.

DHS claims that just last week it found a new stack of documents, and that it needs time to go through them all. The judge gave them a deadline of August 5th, but said it needs to already start releasing the documents it has already reviewed.

Filed Under: aaron swartz, colleen kollar-kotelly, foia, homeland security, kevin poulsen, secret service