minimization – Techdirt (original) (raw)
2013 Authority Expansion Means A Whole Lot Of People On Capitol Hill Can View Unminimized NSA Collections
from the little-bit-of-comms-dirt-on-everyone dept
The unmasking rules House Intelligence Chair Devin Nunes has been (somewhat disingenuously) complaining about have been around for a few years now. Normally, US persons’ identities are minimized before government officials can view intel gathered by the NSA. But in cases where it might be necessary to provide context, the White House can ask for the identities to be unmasked.
This has turned into a mini-firestorm on Capitol Hill, with Nunes striking most of the matches. The problem is Nunes should be aware of these rules, as he’s in charge of the intelligence oversight committee. He apparently doesn’t, or at least wasn’t aware how many people can actually ask for US persons to be unmasked.
The loosening of these restrictions traces back to Obama’s second term, as John Solomon of The Hill points out.
Procedures issued by Director of National Intelligence James Clapper in March 2013 formally supplanted a 1992 set of rules that made the dissemination of names of intercepted lawmakers or congressional aides an act of last resort.
The new standard allowed for a lawmaker’s or staffer’s name to be unmasked if “an executive branch recipient of intelligence” believed that learning “the identity of the Member of Congress or the Congressional staff is necessary to understand and assess the associated intelligence and further a lawful activity of the recipient agency,” according to a memo released earlier this month by the DNI’s office with little public fanfare.
The unmasking standard has become less of a “standard” as the years have passed, according to this report by The Hill. All the way back in the mid-90’s, the rules allowed only one person to sign off on unmasking: the head of the CIA. And this could only be done as a last resort — if context for the intercepted communications could not be “satisfied in any other fashion.”
Since then, there’s been nothing but slippage. Now it’s not only legislators that can request unmasking, but also their staffers as well, meaning there are potentially hundreds of people with the power to view unminimized NSA intel. (This doesn’t even include those on the downstream side of this surveillance: at least 16 federal agencies now have access to unminimized intel.)
Now that the Director of National Intelligence has replaced the CIA Director at the top of the unmasking organizational chart — something that happened in 2005 — the rules have been relaxing continuously. In fact, the latest version, which does away with the “as a last resort language,” was written into force by James Clapper’s office, which saw it as nothing more than a codification of practices the intel community was already engaged in.
(DNI Counsel Bob) Litt said by the time he drafted the 2013 rules, he did not believe he was changing policy, because the procedures had been evolving for years.
“We believed we were formalizing simply what we had inherited,” he explained.
It hasn’t slid so far that the exception has become the rule, but unmaskings are becoming far more routine. What used to be limited to a handful of times a year has now become a monthly occurrence. Hence the outrage from members of Congress, which should be viewed a bit skeptically, given they also have the power to perform unmaskings and their outrage tends to adhere to party lines.
The Trump administration has signed off on the 2013 rule change, indicating it feels there’s nothing wrong with the status quo. That makes Devin Nunes’ demands for answers that much more suspect, as he seems to be motivated more by the fact the rule change resulted in the ousting of short-lived National Security Advisor Mike Flynn (and assisting with the ongoing investigations into the administration’s ties to Russia) than any general sense of Constitutional wrongness.
This is a problem. Most requests for unmasking will eventually route through the Director of National Intelligence, but the bar has been lowered, both in terms of when requests can be made, but also by who. Most of the attention is being paid to the unmasking of communications between government officials, but it’s also normal, everyday Americans who are being subjected to lower privacy expectations as time goes on. As we head towards the renewal process for Section 702 collections, this is one of the areas Congress should spend some time discussing seriously. If nothing else, it gives lawmakers an opportunity to roll back some of the mission creep.
Filed Under: devin nunes, james clapper, minimization, nsa, surveillance, unmasking
Privacy And National Security Concerns Play Second Fiddle To Administration's Attempts To Control The Narrative
from the privacy-violations-are-coming-from-inside-the-house! dept
Rep. Devin Nunes, who heads the House Intelligence Committee, has been all over the privacy/security map in recent weeks. He’s publicly decried the supposed “illegal surveillance” of former National Security Advisor Mike Flynn while trying to avoid undercutting the NSA programs and presidential authority that make it all this spying possible.
His hypocrisy knows no bounds. Nunes has repeatedly suggested NSA spying activities (under Executive Order 12333) should receive even less oversight. Now he’s complaining the spy infrastructure he wholeheartedly supports is too big and dangerous, now that it’s resulted in Mike Flynn’s departure.
But it goes even further than that. Nunes is utilizing an informal network of what he calls “whistleblowers” to leak him details of investigations. Then he immediately goes and discusses these investigations in public. Barton Gellman (who handled some of Snowden’s leaks) points out just how far Nunes has gone in defending both Mike Flynn and Trump White House.
Three named officials—two Trump appointees and arguably his leading defender on the Hill—appear to have engaged in precisely the behavior that the president describes as the true national security threat posed by the Russia debate…
The offense, which in some cases can be prosecuted as a felony, would apply even if the White House officials showed Nunes only “tearsheet” summaries of the surveillance reports. Based on what Nunes has said in public, they appear to have showed him the more sensitive verbatim transcripts. Those are always classified as TS/SI (special intelligence) or TS/COMINT (communications intelligence), which means that they could reveal sources and methods if disclosed. That is the first apparent breach of secrecy rules. The second, of course, is the impromptu Nunes news conference. There is no unclassified way to speak in public about the identity of a target or an “incidentally collected” communicant in a surveillance operation.
When communications of US persons is “incidentally” collected, the information is minimized and the names redacted. Gellman points out “customers” (other government agencies/officials) can ask for the names to be revealed. But the policies governing dissemination mean the NSA doesn’t just hand out this info to anyone. The fact that Nunes knew whose communications were swept up along with the targets means the real breach of privacy isn’t the NSA’s incidental collection, but the unmasking of those incidentally-collected. That means the same White House that’s so upset about Trump being spied on is the one asking for an unminimized copies of the collected communications.
The names could only have been unmasked if the customers—who seem in this case to have been Trump’s White House appointees—made that request themselves. If anyone breached the president’s privacy, the perpetrators were working down the hall from him. (Okay, probably in the Eisenhower Executive Office Building next door.) It is of course hypocritical, even deceptive, for Nunes to lay that blame at the feet of intelligence officials…
This raises an even more interesting question about what’s going on at the White House. Officials are asking for unminimized reports on incidental collections. But for what reason? Gellman theorizes it may be some form of an unofficial backdoor search.
There is no chance that the FBI would brief them about the substance or progress of its investigation into the Trump campaign’s connections to the Russian government. Were the president’s men using the surveillance assets of the U.S. government to track the FBI investigation from the outside?
If so, it’s an interesting way to obtain information a government agency (the FBI) won’t share with you: get it from the intelligence agency that’s feeding it to the FBI. If this is what’s happening, it’s another example of the Trump White House — and those subservient to it — ignoring national security rules to further their own ends. This abuse likely isn’t unusual, but it’s definitely hypocritical for those engaging in it to make comments about the sanctity of privacy and/or national security while doing damage to both.
Filed Under: backdoor search, classified info, devin nunes, donald trump, incidental collection, leaks, mike flynn, minimization, nsa, surveillance 12333
Oh, Sure, Suddenly Now The House Intelligence Boss Is Concerned About Surveillance… Of Mike Flynn
from the high-court,-low-court dept
We’ve written a few times about Rep. Devin Nunes, who heads the House Intelligence Committee. He’s been a long-time vocal supporter of NSA surveillance. He insisted that there was no need for reform after the Snowden leaks and he actively misled the public and other members of Congress to shoot down an amendment that would have stopped so-called backdoor searches of “incidentally collected” information on Americans. Nunes falsely claimed that by blocking backdoor searches of the 702 database, it would have blocked things such as tracking whether or not the Orlando nightclub shooter had overseas contacts (it would not have done that at all).
So it’s fairly hilarious to see that Nunes’ first reaction to the news of National Security Advisor Mike Flynn’s resignation was to demand answers on why Flynn’s calls with Russian officials were recorded.
?I expect for the FBI to tell me what is going on, and they better have a good answer,? said Rep. Devin Nunes (R-Calif.), chairman of the House Permanent Select Committee on Intelligence, which is conducting a review of Russian activities to influence the election. ?The big problem I see here is that you have an American citizen who had his phone calls recorded.?
Uh, dude, you approved this kind of thing (loudly and proudly), and not only that, but you actively blocked suggested amendments that would have blocked the using of this information to dig into information on US persons. Maybe it’s time to rethink that one, huh? Of course, (former assistant Attorney General) David Kris (who knows this stuff probably better than anyone else) has made it clear that Flynn’s calls with a Russian official wouldn’t need to be “minimized” (i.e., have his identity excluded) because “a U.S. person?s name can be used when it is necessary to understand the foreign intelligence information in the report.”
Of course, there’s lots of irony to go around here. Timothy Edgar — who was the director of privacy and civil liberties for the White House National Security staff under Obama (and also did privacy/civil liberties work in the Bush administration) has noted that the leaking of the contents of his phone calls actually means that Flynn’s own civil rights have been violated and even suggests he gives the ACLU a call (oh, and another layer of irony: Edgar has been warning about how Flynn and others in the Trump administration might trample on civil liberties… and yet here, he’s arguing that Flynn’s civil liberties have been violated.)
Along those lines, Glenn Greenwald notes that the leaking of actual content from intercepted communications is a really serious crime, but one that should be seen as totally justified here, as it was clearly a form of whistleblowing (even as he admits that the motives of the leakers likely weren’t pure, but were possibly for revenge against Flynn, who many in the intelligence world disliked).
It is a big deal to actually leak the contents of an intercepted communication (most leaks and whistleblowing tend to be about programs, not the actual intercepted communications). Of course, this should raise other questions about why the NSA and FBI are surveilling so many people — and will the content of those other calls be used for political vendettas rather than true whistleblowing? Unfortunately, it seems unlikely that someone like Devin Nunes is going to care about all that. In typical “high court/low court” fashion, he’s only concerned that someone on his team was hurt by such surveillance, not that such surveillance regularly occurs.
Filed Under: devin nunes, fisa, house intelligence committee, michael flynn, minimization, surveillance
FISA Court Rejects Arguments By First Public Advocate To Argue NSA PRISM Backdoor Searches Are Unconstitutional
from the so-that's-a-shame dept
On Tuesday, the Office of the Director of National Intelligence released some redacted versions of three previously secret FISA Court rulings. There are a few interesting things in them, but one notable point, found in a ruling from last November regarding the NSA’s 702 PRISM program, is that the FISC took advantage of the provision in the USA Freedom Act to appoint a public advocate to argue on behalf of the public. One of the big complaints in the past, is that the FISA Court is no court at all. Only one side — the government — gets to present its case, and then the judges decide.
The USA Freedom Act, however, added the ability of the FISC to appoint a public advocate. Many have been quite reasonably skeptical about this — in terms of how often it would be used, who would be appointed and how seriously the FISC would take the public advocate. In this case, we see that the public advocate did, in fact, argue that parts of the PRISM program were unconstitutional… and the FISC then rejected that. In this case, the court appointed Amy Jeffress, a former federal prosecutor and DOJ official — which might make some skeptical of her willingness to actually advocate for the public — however, this ruling shows that she did, in fact argue that the program was unconstitutional (her actual arguments have not been released).
It appears that the FISC specifically asked Jeffress for her thoughts on the so-called “backdoor searches” that we’ve discussed before. Specifically, while the NSA is only supposed to collect info on non-US persons, it can collect and then hang onto a huge swath of information under the 702/PRISM program, including what’s referred to as “about” information (i.e., any information “about” a suspected terrorist — meaning your emails mentioning a terrorist could get sucked up). Historically, if the NSA came across any US person’s information this way they’re supposed to dump it. But through some twists and turns, these days the information gets kept… and is considered “incidentally” collected. Oh and the FBI and CIA then get access to all of that data as well for searching.
In this analysis, the FISC was examining how constitutional that whole thing is (and we’ll have another more detailed post on that as well). The FISC specifically asked Jeffress for an analysis of two specific issues here. Did either of the following two things violate the 4th Amendment: (1) the searches of the information collected in this manner that might return information concerning US persons, and (2) information that is preserved under this system for “litigation purposes” that might otherwise be required to be destroyed under so-called minimization rules. The second one is basically the issue that came up in some EFF cases, where the EFF is challenging the legality of the NSA collecting this data at all, but the NSA started deleting the data in question, because it’s required to delete data after five years. So there’s a question of whether or not that data can legally be kept, even if it needs to be kept for the lawsuit. On this, it appears the court is fine with holding onto data for such litigation preservation.
However, on question number (1), Jeffress apparently noted that the FBI being able to do these backdoor searches appears to go way beyond what’s allowed. Remember, this information was collected specifically for the purposes of national security. The whole 702 program was designed and approved on the basis that it was about national security. Yet, it appears that once the FBI gets its hands on it, it’s used for all sorts of other stuff. This is just what everyone had assumed before when first learning about these backdoor searches. Jeffress starts off by arguing that these kinds of searches simply go beyond what the law itself allows:
Amicus curiae Amy Jeffress has raised concerns regarding the querying provisions of the FBI Minimization Procedures…. Ms. Jeffress does not specifically assert that the querying provisions render the procedures inconsistent with the applicable statutory definition of minimization procedures. Nevertheless, she contends that the FBI Minimization Procedures “go far beyond the purpose for which the Section 702-acquired information is collected in permitting queries that are unrelated to national security.” …
However, the court doesn’t buy it:
The Court respectfully disagrees.
There is no statutory requirement that all activities involving Section 702 data serve solely a foreign intelligence national security purpose. To be sure, Section 702 was enacted to permit “the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information.”… But even at the time of acquisition, the statute does not require the government to have as its sole purpose obtaining foreign intelligence information. Rather, the AG and DNI need certify only that obtaining foreign intelligence information is “a significant purpose” of the acquisition. Under the “significant purpose” standard, an acquisition under Section 702 is permissible “even if ‘foreign intelligence’ is only a significant — not a primary — purpose” of the targeting decision….
Nor does FISA foreclose any examination or use of information acquired pursuant to Section 702 that lacks a purpose relating to foreign intelligence. It is true that the govemment’s minimization procedures must be “reasonably designed in light of the purpose and technique of the [collection], to minimize the . . . retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information,” and must limit the dissemination of nonpublicly available information identifying unconsenting United States persons to certain circumstances…. Notwithstanding these requirements, however, FISA states that the minimization procedures must also “allow for the retention and dissemination of information that is evidence of a crime which has been, is being, or is about to be committed and that is to be retained or disseminated for law enforcement purposes.” … Hence, FISA does not merely contemplate, but expressly requires, that the government’s procedures provide for the retention and dissemination of Section 702-acquired information that is evidence of crime for law enforcement purposes. This requirement applies whether or not the crime in question relates to foreign intelligence or national security.
The counter argument to this, from Jeffress, appears to be that this is a misreading of the law in question. While it does say such information may be retained and disseminated for the purpose of law enforcement, that doesn’t mean that bulk collection data can be queried for the purpose of law enforcement. This is an important distinction. Jeffress’ reading of the law is basically “okay, if in the process of going through this for legitimate foreign intelligence purposes you ALSO come across evidence of domestic criminal activity, you don’t need to ignore it and can pass it on to law enforcement.” But that’s worlds away from what we actually have today, which is that the NSA basically says “boo, terrorism!” and collects a ton of useless information, but then lets the FBI trawl through for any evidence of criminal behavior.
Unfortunately, the FISC just doesn’t see that argument.
It would be a strained reading of the definition of minimization procedures to permit FBI personnel to retain and disseminate Section 702 information constituting evidence of a crime implicating a United States person for law enforcement purposes, but to prohibit them from querying Section 702 data in a manner designed to identify such evidence. And such an interpretation would lead to anomalous results: FBI personnel who came across one communication acquired under Section 702 that incriminates a United States person perhaps because it was responsive to a query for foreign intelligence information would be prohibited from running queries tailored to identify additional communications obtained under Section 702 pertaining to the same criminal activity, even though Section 1801(h)(3) explicitly authorizes the retention and dissemination of such information for law enforcement purposes.
This seems like a stretch to me. There are lots of situations where law enforcement may be able to lawfully access some information, but not lawfully access other information. Hell, under the scenario described, it seems like the FBI could use the information obtained from a legitimate national security query to then issue a subpoena or warrant for the other information, since we’re mostly talking about information held by 3rd parties anyway.
Jeffress also made the constitutional arguments… which also fell flat.
Amicus curiae Amy Jeffress urges the Court to reconsider its prior Fourth Amendment assessments and to reach “a different conclusion” in light of the provisions of the FBI Minimization Procedures, discussed above, permitting agents and to query the Section 702-acquired information in the possession using United States-person information for the purpose of finding evidence of crimes unrelated to foreign intelligence…. Ms. Jeffress asserts that without additional safeguards, such querying is inconsistent with the requirements of the Fourth Amendment:
> The querying procedures effectively treat Section 702-acquired data like any other database that can be queried for any legitimate law enforcement purpose. The minimization procedures do not place any restrictions on querying the data using U.S. person identifiers. . . . As a result, the FBI may query the data using U.S. person identifiers for purposes of any criminal investigation or even an assessment. There is no requirement that the matter be a serious one, nor that it have any relation to national security. . . . [T]hese practices do not comply with . . . . the Fourth Amendment.
According to Ms. Jeffress, the querying provisions of the FBl Minimization Procedures should be revised to “require a written justification for each U.S. person query of the database that explains Why the query is relevant to foreign intelligence information or is otherwise justified,” or in some other manner that provides additional protection for the United States- person information in the FBI’s possession.
The court rejects this — and also rejects Jeffress’ claim that each search by the FBI should get its own 4th Amendment scrutiny — saying the whole program can be judged as one. The reason for rejecting the constitutional claim, however, is pretty weak. It basically says, well, the government has to balance national security with privacy and in this case, it’s okay. It also notes that there are some limitations on what the FBI can look at and also the fact that the FBI has rarely actually found evidence of criminal activity while trawling through the database (though I fail to see how that impacts the constitutional question at all…).
So, it does look like Jeffress put forth a decent argument… but the court simply didn’t buy it. That’s obviously going to happen, but the real question is whether or not the FISC will ever take the arguments of a public advocate seriously.
Filed Under: 4th amendment, amy jeffress, cia, fbi, fisa court, fisc, mass surveillance, minimization, nsa, prism, public advocate, section 702
Congressional Reps Tell NSA To Cease Sharing Unminimized Data With Domestic Law Enforcement Agencies
from the the-fed's-Big-Brother-program:-'adopt'-a-domestic-agency! dept
The FBI announced (without going into verifiable detail) that it had implemented new minimization procedures for handling information tipped to it by the NSA’s Prism dragnet. Oddly, this announcement arrived nearly simultaneously with the administration’s announcement that it was expanding the FBI’s intake of unminimized domestic communications collected by the NSA.
So, which was it? Was the FBI applying more minimization or was it gaining more raw access? The parties involved have so far refused to offer any further details on either of the contradictory plans, save for vague assurances about the lawfulness of both options.
Fortunately, a few legislators have stepped up to do something about it. Megan Geuss of Ars Technica reports that Reps. Ted Lieu and Blake Farenthold have sent a letter to the NSA telling it to hold off on its plans to share unminimized data and communications with domestic intelligence agencies… at least until it’s been discussed publicly.
We respectfully request you confirm whether the NSA intends to routinely provide intelligence information-collected without a warrant-to domestic law enforcement agencies. If the NSA intends to go down this uncharted path, we request that you stop. The proposed shift in the relationship between our intelligence agencies and the American people should not be done in secret. The American people deserve a public debate. The United States has a long standing principle of keeping our intelligence and military spy apparatus focused on foreign adversaries and not the American people.
The letter points out that while Congress has granted the NSA “extraordinary authority” to conduct warrantless surveillance and harvest massive amounts of data, it has not done so for domestic intelligence and law enforcement agencies. But that deliberate limitation of powers has been undone by the administration’s expansion. It may be indirect — requiring the assistance of the NSA — but it accomplishes the same purpose: giving warrantless surveillance and bulk collection powers to domestic agencies by proxy.
The letter — sent to the heads of a variety of Congressional committees — pulls no punches in its comparative depiction of this overreach.
We believe allowing the NSA to be used as an arm of domestic law enforcement is unconstitutional. Our country has always drawn a line between our military and intelligence services, and domestic policing and spying. We do not — and should not — use U.S. Army Apache helicopters to quell domestic riots; Navy Seal Teams to take down counterfeiting rings; or the NSA to conduct surveillance on domestic street gangs.
What’s most amazing about the administration’s move is that it followed — directly — two and a half years of NSA document leaks, their accompanying protests, lawsuits and backlash, the passage of the USA Freedom Act and an intense debate over the lawfulness of the PATRIOT Act. Add to that the fact that it was dropped right in the middle of a heated legal battle that has shown the FBI to be both grasping for power and incapable of telling the truth — and it clearly shows the administration is so insulated from the collateral damage of a decade-plus of constantly expanding surveillance powers as to be completely unable to detect shifts in tone.
Filed Under: blake farenthold, data sharing, doj, dragnet, fbi, minimization, nsa, ted lieu
Administration Grants FBI More Raw Access To NSA Data Just As FBI Claims To Be Implementing New Minimization Procedures
from the offsetting-fouls? dept
Spencer Ackerman of the Guardian was the first to report the news — what there was of it — that the FBI’s rules governing its access to data collected by the NSA have changed. To what exactly, no one knows. Neither agency is offering any details.
The classified revisions were accepted by the secret US court that governs surveillance, during its annual recertification of the agencies’ broad surveillance powers. The new rules affect a set of powers colloquially known as Section 702, the portion of the law that authorizes the NSA’s sweeping “Prism” program to collect internet data. Section 702 falls under the Foreign Intelligence Surveillance Act (Fisa), and is a provision set to expire in 2017.
A government civil liberties watchdog, the Privacy and Civil Liberties Oversight Group (PCLOB), alluded to the change in its recent overview of ongoing surveillance practices.
As of 2014, there were few limits to the FBI’s access to NSA data. The PCLOB expressed its concerns at that time. Apparently, things have improved, but no one’s willing to detail the additional restrictions. We’re just expected to believe they’re in place.
[T]he PCLOB’s new compliance report, released last month, found that the administration has submitted “revised FBI minimization procedures” that address at least some of the group’s concerns about “many” FBI agents who use NSA-gathered data.
“Changes have been implemented based on PCLOB recommendations, but we cannot comment further due to classification,” said Christopher Allen, a spokesman for the FBI.
Other spokespeople had similar nods of “yes, more restrictions” to add and even hinted that these new limits may be made public at some point. Heartening news… perhaps. We don’t know how expansive the data-sharing was prior to the new guidelines and we still don’t know how scaled back it will be post-restrictions.
For that matter, it seems as though the new limits will be largely offset by the administration’s earlier announcement that the FBI would have more access to NSA data.
The Obama administration is on the verge of permitting the National Security Agency to share more of the private communications it intercepts with other American intelligence agencies without first applying any privacy protections to them, according to officials familiar with the deliberations.
The change would relax longstanding restrictions on access to the contents of the phone calls and email the security agency vacuums up around the world, including bulk collection of satellite transmissions, communications between foreigners as they cross network switches in the United States, and messages acquired overseas or provided by allies.
So, on one hand, the FBI is claiming that its backdoor search permissions have been dialed back, but that comes roughly two weeks after the administration announced its plans for expanded data sharing. What’s being scooped up under national security authority is being used for plain vanilla law enforcement. Not only can the FBI access the NSA’s collections (and it has been… for several years now), but it can pass info it finds down the line to local law enforcement agencies. Any minimization procedures put in place by the FBI at the suggestion of the PCLOB may still be there, but the agency itself will be given unminimized access to NSA data hauls.
What does this rule change mean for you? In short, domestic law enforcement officials now have access to huge troves of American communications, obtained without warrants, that they can use to put people in cages. FBI agents don’t need to have any “national security” related reason to plug your name, email address, phone number, or other “selector” into the NSA’s gargantuan data trove. They can simply poke around in your private information in the course of totally routine investigations. And if they find something that suggests, say, involvement in illegal drug activity, they can send that information to local or state police. That means information the NSA collects for purposes of so-called “national security” will be used by police to lock up ordinary Americans for routine crimes. And we don’t have to guess who’s going to suffer this unconstitutional indignity the most brutally. It’ll be Black, Brown, poor, immigrant, Muslim, and dissident Americans: the same people who are always targeted by law enforcement for extra “special” attention.
The rule change will basically codify the FBI’s backdoor searches, making it that much tougher to challenge in court. Not only that, but the NSA’s overwatch of the data lends everything collected just enough “national security” interest to make evidence collected unavailable to defendants and will encourage even more parallel construction by law enforcement agencies.
The “incidental” collection of Americans’ communications and data will no longer be just a regrettable part of the “collect it all” approach. It will be a feature, rather than a bug. Local law enforcement agencies can’t do much to pursue overseas suspects but they will be very interested in anything pulled from NSA haystacks that falls into their jurisdictions. If the FBI has actually beefed up its minimization policies — as the Guardian’s article suggests — then it will have nothing to pass along. The agency may actually have more restrictive policies now, but the administration’s proposal would effectively give the FBI a reason to ignore them.
Furthermore, the new expansion of sharing actually does very little to expand domestic law enforcement use of NSA collections. The FBI has been able to do this since 2002, when the FISA Court granted the Bush administration its request for expanded sharing. The Bush team expanded this again in 2008 and the Obama administration has been at work on the logistical framework and codification of ongoing domestic surveillance.
The FBI may have new minimization procedures but they only kick in after it’s already helped itself to the NSA’s raw data. Since it has the permission to pass information along for law enforcement purposes, the only entities that may see only minimized data will be much further down the line.
Filed Under: data, minimization, nsa, surveillance, white house
Rather Than Ending NSA's Key Surveillance Tool, White House To Now Let Other Agencies Use It
from the uh...-what-now? dept
Late last night, the NY Times broke a very troubling story. Rather than finally putting an end to Executive Order 12333, it appears that President Obama is going to expand the power of it in dangerous ways. We’ve written about EO 12333 a bunch of times, but for those of you unfamiliar with it, it’s an executive order signed by President Reagan that basically gave the NSA pretty free rein to collect signals intelligence outside of the US. Because it’s not (technically) about domestic surveillance, what the NSA does under EO 12333 is not subject to Congressional oversight. That is, Congress is mostly as much in the dark as everyone else is on what the NSA is doing overseas. And, as former State Department official John Napier Tye revealed a couple of years ago, for all the talk of domestic surveillance programs revealed by Ed Snowden, the NSA’s real power comes almost entirely from 12333.
And it has no limitations. Napier noted that the other programs — things like Section 215 (now morphed into whatever the USA FREEDOM Act allows) and Section 702 — were merely used to “fill in the gaps” not covered by 12333.
And it almost certainly involves both foreign and domestic intelligence. Basically, if any of your data goes outside of US boundaries, the NSA is free to capture it under 12333. Remember those stories of the NSA hacking into datacenters of companies like Google, Yahoo and Microsoft? Those datacenters were in Singapore. And the reason the target was Singapore rather than the US, was because of 12333.
Meanwhile, the NSA likes to insist that it respects the privacy of Americans thanks to its vast minimization program that is supposed to dump inappropriate data on Americans, or in stripping out private information when sharing data with other agencies.
But apparently that’s going away. Instead, the White House has plans to let the NSA share data collected under 12333 with other government agencies without any minimization. Basically, whatever the NSA collects overseas might now be freely available to the FBI or Homeland Security or the IRS or the DEA. Doesn’t that seem at least somewhat problematic? From the NY Times:
The Obama administration is on the verge of permitting the National Security Agency to share more of the private communications it intercepts with other American intelligence agencies without first applying any privacy protections to them, according to officials familiar with the deliberations.
The change would relax longstanding restrictions on access to the contents of the phone calls and email the security agency vacuums up around the world, including bulk collection of satellite transmissions, communications between foreigners as they cross network switches in the United States, and messages acquired overseas or provided by allies.
The idea is to let more experts across American intelligence gain direct access to unprocessed information, increasing the chances that they will recognize any possible nuggets of value. That also means more officials will be looking at private messages ? not only foreigners? phone calls and emails that have not yet had irrelevant personal information screened out, but also communications to, from, or about Americans that the N.S.A.?s foreign intelligence programs swept in incidentally.
This is crazy. For all the talk of the NSA having access to all of this information, and even a fair number of reports of NSA staff “abuse” of their access to data, in general, the NSA certainly has a reputation for being serious about not allowing any abuse of the data. Other agencies? Not so much. The FBI, CIA, DEA and ATF, for example, have long and colorful histories of abusing data to harass and intimidate people. Giving them much wider access to whatever the NSA slurps up overseas, and then trusting those agencies to handle “minimization” (as is the apparent plan) is downright frightening.
And despite this massive change, the public won’t get to weigh in. Instead:
Intelligence officials began working in 2009 on how the technical system and rules would work, Mr. Litt said, eventually consulting the Defense and Justice Departments. This month, the administration briefed the Privacy and Civil Liberties Oversight Board, an independent five-member watchdog panel, seeking input. Before they go into effect, they must be approved by James R. Clapper, the intelligence director; Loretta E. Lynch, the attorney general; and Ashton B. Carter, the defense secretary.
Oh sure. They just need approval from the folks who will benefit most from all of this, and no real discussion with the public who will be impacted by it. What a surprise…
Filed Under: atf, cia, dea, executive order 12333, fbi, irs, minimization, nsa, privacy, surveillance
Canada Temporarily Drops Out Of Five Eyes Spying Coalition, After Realizing It Wasn't Properly Protecting Information
from the an-eye-for-an-eye dept
Of course, by now you know about the “Five Eyes” coalition of the signals intelligence agencies of the US, UK, Canada, Australia and New Zealand all sharing certain intelligence information between them. Some of the Snowden docs have made clear that this collaboration helps the various countries get around restrictions on “domestic” surveillance by effectively offshoring it to other “friendly” electronic spy agencies. Well, at least for now, it appears that that the Five Eyes effort has lost an Eye.
Canada’s signals intelligence agency, the Communications Security Establishment (CSE), has stopped sharing data with the other Four Eyes after realizing that it hadn’t done a particularly good job of protecting the metadata it collected on Canadians.
“While I was conducting this current comprehensive review, CSE discovered on its own that certain metadata was not being minimized properly,” Plouffe explained in the report.
“Minimization is the process by which Canadian identity information contained in metadata is rendered unidentifiable prior to being shared ?.”
“The fact that CSE did not properly minimize Canadian identity information contained in certain metadata prior to being shared was contrary to the ministerial directive, and to CSE’s operational policy.”
I guess it’s nice that the CSE figured out that it had screwed up on its own, but really, it makes you wonder just how much information the Canadian gov’t was sending abroad on its own citizens.
Of course, the sharing will start back up again at some point in the future, once they’ve decided that they’ve properly “minimized” the data. And while Canadian politicians seem to be accepting the very Canadian apology of the CSE and saying that this was all an accident, shouldn’t this kind of “mistake” lead to a bit more than a “sorry” and “we’ll make sure it’s better next time”? Shouldn’t we be examining why such mass surveillance and data sharing are happening in the first place?
Filed Under: canada, five eyes, mass surveillance, metadata, minimization, nsa, sigint, surveillance
How The NSA Enabled Israel Military Intelligence To Politically Persecute Innocent Palestinians
from the a-huge-mess dept
Almost exactly a year ago, one of the many Snowden revelations came out, this time concerning the fact that the NSA was giving raw domestic communications data to Israeli military intelligence. This was somewhat shocking, because it basically was allowing Israeli intelligence to sift through communications data (both metadata and actual communications), including on Americans, without any restrictions. As was noted at the time:
Details of the intelligence-sharing agreement are laid out in a memorandum of understanding between the NSA and its Israeli counterpart that shows the US government handed over intercepted communications likely to contain phone calls and emails of American citizens. The agreement places no legally binding limits on the use of the data by the Israelis.
The disclosure that the NSA agreed to provide raw intelligence data to a foreign country contrasts with assurances from the Obama administration that there are rigorous safeguards to protect the privacy of US citizens caught in the dragnet. The intelligence community calls this process “minimization”, but the memorandum makes clear that the information shared with the Israelis would be in its pre-minimized state.
James Bamford, the long-time NSA watcher and chronicler, has a new article in the NY Times, where he now connects that free and unencumbered data sharing with revelations of abuse by the very Israeli military intelligence unit the data went to. Bamford notes that, when he interviewed Snowden over the summer, Snowden had called out the data sharing with Israel as one of the most shocking finds:
Among his most shocking discoveries, he told me, was the fact that the N.S.A. was routinely passing along the private communications of Americans to a large and very secretive Israeli military organization known as Unit 8200. This transfer of intercepts, he said, included the contents of the communications as well as metadata such as who was calling whom.
Typically, when such sensitive information is transferred to another country, it would first be ?minimized,? meaning that names and other personally identifiable information would be removed. But when sharing with Israel, the N.S.A. evidently did not ensure that the data was modified in this way.
Mr. Snowden stressed that the transfer of intercepts to Israel contained the communications ? email as well as phone calls ? of countless Arab- and Palestinian-Americans whose relatives in Israel and the Palestinian territories could become targets based on the communications. ?I think that?s amazing,? he told me. ?It?s one of the biggest abuses we?ve seen.?
And, indeed, Bamford notes, it’s now been more or less confirmed that the information that NSA was sharing was used to persecute innocent Palestinians. This is only coming out now because dozens of veterans of the unit publicly called out the abuses and refused to continue to participate in the process:
It appears that Mr. Snowden?s fears were warranted. Last week, 43 veterans of Unit 8200 ? many still serving in the reserves ? accused the organization of startling abuses. In a letter to their commanders, to Prime Minister Benjamin Netanyahu and to the head of the Israeli army, they charged that Israel used information collected against innocent Palestinians for ?political persecution.? In testimonies and interviews given to the media, they specified that data were gathered on Palestinians? sexual orientations, infidelities, money problems, family medical conditions and other private matters that could be used to coerce Palestinians into becoming collaborators or create divisions in their society.
Everything about this is disturbing. There have long been concerns about the NSA and other intelligence agencies using the information they have access to try to coerce innocent people, threatening to embarrass them or reveal secrets. Other Snowden documents have revealed that the NSA in fact had plans on how to do something similar, using things like the porn surfing habits of people they didn’t like to embarrass and discredit them — even if they weren’t part of any terrorist organization. While the NSA insisted it never did such things, this latest revelation suggests that the NSA clearly enabled the Israelis to do exactly that — often using communications and metadata of Americans, handed over willy-nilly to the Israelis to do just that.
Meanwhile, kudos to the Israeli veterans for blowing the whistle on this kind of activity.
Filed Under: ed snowden, embarassment, israel, james bamford, minimization, palestinians, privacy, raw data, surveillance, unit 8200
Judge Says NSA Can Continue To Destroy Evidence
from the bad-ruling dept
Well, this is unfortunate. After yesterday’s back and forth between the DOJ and the EFF over the ongoing destruction of key evidence in the Jewel v. NSA case, the court ordered an emergency hearing for this afternoon. About an hour before the hearing, the DOJ presented its opposition to the temporary restraining order, arguing, basically, that it would be too damn complicated to stop destroying evidence in the case. Part of this is because the data collected under the Section 702 program apparently isn’t just one big database, but is quickly fed into all sorts of other systems.
. Unlike the Section 215 telephony metadata program, which resides on a discrete computer systems architecture, communications acquired pursuant to Section 702 reside within multiple databases contained on multiple systems. Those databases and systems are designed to effectuate FISC-approved minimization procedures that require (with certain limitations) the destruction (purge) upon recognition of certain communications and the age-off of certain raw data within either two years or five years from the expiration of the certification authorizing its acquisition. Halting these purges and age-offs to preserve all Section 702 material, as we understand the Court to have ordered, would require significant technical changes to these databases and systems and would have the effect of forcing NSA into non-compliance with FISC-approved minimization procedures, thus placing the entire program in legal jeopardy
In short: because we’re ordered to delete some data by the law to avoid spying on Americans, to now ask us not to delete any data would violate the law that says we have to delete some data. And, to figure out how to do this would be crazy confusing, because the NSA is a giant bureaucratic machine of spying, and you can’t just throw a rock into it like that. Or something:
Changes of this magnitude to database and systems architecture normally take months to engineer and test; to comply immediately with the Court’s order, the NSA may have to shut down all the databases and systems that contain Section 702 information. Such a shutdown would suspend acquisition of communications pursuant to Section 702 and analyst access to communications acquired under Section 702. NSA would lose access to what would be otherwise lawfully collected signals intelligence information on foreign intelligence targets that are vital to the performance of NSA’s foreign intelligence mission. Section 702 is the most significant tool in NSA’s arsenal for detecting, identifying, and disrupting terrorist threats to the United States and around the world. The impact of a shutdown of the databases and systems that contain Section 702 information cannot be overstated.
After the hearing, the judge sided with the NSA/DOJ, basically saying that the original temporary restraining order blocking the destruction of evidence (from back in March) still stands, but that the issue of whether or not it actually also covers data collected under Section 702 will be briefed at a later date, and until that time the DOJ/NSA are free to continue destroying evidence.
If there’s some sort of silver lining to all of this, it’s at least the acknowledgement that the NSA really does have a minimization process to not hang onto information it’s not supposed to have, and that it’s not immediately easy to turn off the process of getting rid of that data. But, still, that’s a small consolation, given the seriousness of the issues in the case, and the fact that the destroyed evidence may highlight more serious abuses by the NSA in conducting surveillance on Americans.
Filed Under: destruction of evidence, doj, jewel v nsa, minimization, nsa, section 702, surveillance
Companies: eff