nsa – Techdirt

Major SS7 Vulnerability In Wireless Networks Oddly Gets A Fraction Of The Hysteria Reserved For TikTok

from the you-are-not-serious-people dept

While lawmakers, looking to get on cable TV, spent much of the last few years performatively hyperventilating about TikTok privacy and national security issues, few of those same folks seem quite as bothered by the parade of obvious, nasty vulnerabilities in the nation’s telecom networks.

For example, we still haven’t somehow addressed longstanding flaws in Signaling System 7 (SS7, or Common Channel Signaling System 7), a series of protocols hackers can exploit to track user location, dodge encryption, and even record private conversations. Governments and various bad actors routinely exploit the flaw to covertly spy on wireless users around the planet without them ever knowing.

It’s very bad, and we’ve known about the problem for a long while. 60 Minutes aired a profile on the issue back in 2016. Senator Ron Wyden demanded answers as early as 2017 from mobile phone companies as to why they haven’t done more to thwart the abuse. I’d always lazily assumed we weren’t rushing to fix the problem because it’s currently being broadly exploited by the U.S. government.

Earlier this month a Cybersecurity and Infrastructure Security Agency (CISA) official broke ranks with the NSA and formally acknowledged for the first time that the U.S. has exploited flaws in SS7 for years, going so far as to use it to track and surveil folks within the U.S. 404 Media has an interesting (but paywalled) report that’s worth a read.

Wyden sent another letter to the Biden administration last February, asking why the government seemingly refuses to take the SS7 flaw particularly seriously:

“Surveillance companies and their authoritarian foreign government customers have exploited lax security in U.S. and foreign phone networks for at least a decade to track phones anywhere in the world. Authoritarian governments have abused these tools to track Americans in the United States and journalists and dissidents abroad, threatening U.S. national security, freedom of the press, and international human rights.”

In April the FCC announced it would finally be probing “grave” weaknesses in both SS7 and another similarly flawed protocol, Diameter. But the generally feckless agency will likely be butting heads not just with U.S. intelligence, but the giant telecoms like AT&T tethered to our domestic surveillance systems. So whether this results in any meaningful reform will have to be seen.

What’s amusing is that this is a massive, significant, proven flaw in our communications networks and a proven risk to national security, and yet you’d be hard pressed to see one one-thousandth of the press coverage or political attention relegated to concerns about a single Chinese app.

The TikTok fracas was utterly avoidable for three straight years as a partially Facebook-driven hysteria about the potential security threat of the app utterly consumed American discourse. Yet if you want to learn anything about the SS7 flaw, you’ll see nowhere near the same attention, with most of the coverage (like the 404 piece or this Economist piece from this month) paywalled.

Recall that Republican FCC official Brendan Carr spent much of the last three years going on cable TV news to whine incessantly about the purported privacy and national security threat of an app he doesn’t have regulatory oversight over. Yet do a basic Google search for his name and SS7 and you’ll find the Commissioner far less invested in a problem in a sector he actually regulates.

TikTok isn’t without issues, but I still tend to think the absolute hysteria surrounding TikTok mostly functions as a policy and media distraction from our comically corrupt failure to pass a modern privacy law, regulate data brokers, and protect U.S. consumers from harm.

Between the robocall scourge and major security vulnerabilities, policy incompetence has resulted in us ceding our wireless communications networks to scammers, scumbags, and surveillance-hungry bureaucrats. And outside of Ron Wyden, officials that could do something about it spend more time crying about a popular Chinese app peppered with sexy dancing and adorable racoons than doing their actual jobs.

Filed Under: 5g, cisa, flaw, nsa, phone, privacy, ron wyden, security, ss7, surveillance, telecom
Companies: tiktok

Having Secured A Clean 702 Reauthorization, The FBI Gets Back On Its Backdoor Search Bullshit

from the status-back-to-quo dept

There was more contention than usual prior to the most recent reauthorization of Section 702 surveillance powers. The blame for the multiple fights leading up to a clean renewal lies entirely at the feet of the FBI, which has constantly abused its access to NSA collections to perform warrantless searches targeting US persons’ communications.

Normally, this sort of thing would require a warrant. I mean, that’s how it works everywhere else. But by dipping into the communications harvested by this “foreign-facing” surveillance program, the FBI has been able to avoid seeking warrants even as it accesses communication originating in the United States.

Somehow, that’s just not enough for the FBI. Having a backdoor that bypasses the Fourth Amendment would seem to be a pretty sweet deal, but the FBI has spent years ignoring its internal policies and directives from the FISA Court to engage in the sort of surveillance most people would think only governments without established Constitutional protections would dare to engage in, especially with as much frequency as the FBI did.

Then the FBI finally targeted the wrong people: Trump-supporting legislators who thought the agency went too far when it targeted communications from their in-group. This led to a lot of Republican opposition to a clean reauthorization. It also gave other legislators (like Senator Ron Wyden and others who are far less partisan in their activities) hope this might be the year the FBI was finally hit with a warrant requirement.

But, by the time the Capitol Hill dust had settled, the NSA and FBI got (another) free pass on everything. The reforms were stripped from the final bill and the president signed it shortly thereafter.

The same day President Biden signed the bill, at least one FBI official was instructing analysts to continue taking full advantage of the backdoor action that had managed, once again, to avoid being hit with any restrictions or warrant requirements. Here’s Dell Cameron and William Turton with the details for Wired:

Obtained by WIRED, an April 20 email authored by FBI deputy director Paul Abbate to employees states: “To continue to demonstrate why tools like this are essential to our mission, we need to use them, while also holding ourselves accountable for doing so properly and in compliance with legal requirements.” [Emphasis his.]

Added Abbate: “I urge everyone to continue to look for ways to appropriately use US person queries to advance the mission, with the added confidence that this new pre-approval requirement will help ensure that those queries are fully compliant with the law.”

Rather than acknowledge the near-miss, the deputy director went the other way, insisting the best way to demonstrate the real-world value of warrantless access is to engage in even more warrantless access. Abbate’s email is couched in language that suggests analysts should do all they can to ensure they don’t violate internal policies or FISA-ordered restrictions. But it still encourages FBI agents to “look for” reasons to obtain US persons’ communications, which suggests at least some caution should be thrown to the wind if necessary.

Not a great look, even if Abbate takes time to stress accountability. But it’s only internal accountability and there’s no reason to believe this accountability is any better than the accountability (or, rather, the lack thereof) it has demonstrated when doing business with the FISA court.

But there’s another reason the FBI shouldn’t be encouraging more use of a program that has been abused incessantly since its inception: more use means more opportunities for abuse. That’s just the way things are. There’s no getting around it. While it may result in a smaller overall percentage of abusive searches, it will result in more total abusive searches. You would hope an agency that nearly got hit with a warrant requirement would show a bit more caution as it moved forward, rather than send out a “do as many searches as you can” email to FBI analysts with access to 702 collections.

Then there’s the problem of the abuse, which hasn’t gone away. It’s difficult to determine how many times the FBI seeks access to US persons’ communications. It recently changed how it reported these searches, which resulted in a precipitous drop in the number of total searches.

The bureau first began reporting the figure publicly in 2021, releasing the total number of times that these searches took place. That number was 2.9 million. Since then, the FBI has “updated its counting methodology” to count only unique searches. (To wit, running the same phone number through the database multiple times a year now counts as a single search.) As a result, at least in part, the number dropped to 119,383 the following year. In 2023, under more stringent guidelines, it dropped further, to 57,094.

So, there’s no telling how many searches are actually being performed. The FBI has only been reporting these numbers for three years and it has already changed its “counting methodology” once. That could mean internal and external restrictions have actually resulted in less access to US persons’ communications. Or it could mean analysts are accessing these communications just as often as they did in 2001, but have found a way to report these numbers to make it look as though the agency has reined in this access a bit. Then again, it might mean the FBI is doing more but reporting less by bundling searches to lower the total number of searches while giving it access to a greater number of communications. And there’s no way we’ll ever know what the FBI is actually doing without an outside audit of its Section 702 activities, something the agency is likely to oppose, obstruct, and otherwise delay from being made public.

As for the “full compliance” Abbate suggests analysts should strive for, it would appear to be little more than deciding whether or not to click a check box or “I Understand” button before engaging in a backdoor search of US persons’ communications.

While touting its 98% “compliance” rate en route to securing a clean reauthorization of its warrantless access, FBI officials and the Justice Department said this:

In a statement earlier this year, the FBI claimed that many of these errors are the result of its employees failing to label whether a search, in fact, targeted a “US person.”

Not exactly reassuring. Unless these searches are audited thoroughly and regularly, the actual error rate will be impossible to determine. And not every error will actually be an error. Some will be unapproved searches being treated as “compliant” just because the correct button was clicked by the analyst performing the search.

While it is quite possible the FBI is handling its powers more responsibly these days, the fact is that it’s a pretty low bar to reach. The FBI abused its access for years. Only very recently did it appear to show any interest in limiting abuse. And that mostly seemed motivated by its desire to dodge a warrant requirement, rather than contrition for past misconduct. And now that the “new” Section 702 has expanded the list of potential communication sources, we can safely expect the problem the FBI has done little to control will actually get worse in the years to come.

Filed Under: 4th amendment, backdoor searches, fbi, nsa, paul abbate, privacy, section 702, surveillance, warrantless surveillance

Senate Approves Section 702 Reauthorization, Keeps Only The Bad Stuff

from the two-more-years-before-we-get-to-do-this-all-over-again dept

The government had a few years to sort this out, but as usual, the final call came down to the last minute. Shortly after Section 702 expired at midnight, April 19, the Senate pushed through a two-year reauthorization — one pretty much free of any reforms.

This happened despite there being a large and vocal portion of the Republican party seeking to curb the FBI’s access to these collections because some of their own had been subjected to the sort of abuse that has become synonymous with the FBI’s interaction with this particular surveillance program.

The reauthorization passed to the Senate from the House had been stripped of a proposed warrant requirement and saddled with an especially expansive definition of the term “electronic communication service provider.” Here’s how Senator Ron Wyden explained it while speaking out against the amendment:

Now, if you have access to any communications, the government can force you to help it spy. That means anyone with access to a server, a wire, a cable box, a wifi router, a phone, or a computer. Think about the millions of Americans who work in buildings and offices in which communications are stored or pass through.

After all, every office building in America has data cables running through it. These people are not just the engineers who install, maintain and repair our communications infrastructure; there are countless others who could be forced to help the government spy, including those who clean offices and guard buildings. If this provision is enacted, the government could deputize any one of these people against their will, and force them to become an agent for Big Brother.

For example, by forcing an employee to insert a USB thumb drive into a server at an office they clean or guard at night.

This could all happen without any oversight. The FISA Court won’t know about it. Congress won’t know about it. The Americans who are handed these directives will be forbidden from talking about it. And unless they can afford high priced lawyers with security clearances who know their way around the FISA Court, they will have no recourse at all.

So, instead of reform, we’re getting an even worse version of what’s already been problematic, especially when the FBI’s involved. As the clock ticked down on this vote (but not really: the FISA court had already granted the Biden administration’s request to keep the program operable as-is until 2025), attempts were made to strip the bill of this dangerous addition and add back in the warrant requirement amendment that had failed in the House.

None of this worked, as Gaby Del Valle reports for The Verge:

Sens. Ron Wyden (D-OR) and Josh Hawley (R-MO) introduced an amendment that would have struck language in the House bill that expanded the definition of “electronic communications service provider.” Under the House’s new provision, anyone “who has access to equipment that is being or may be used to transmit or store wire or electronic communications.” The expansion, Wyden has claimed, would force “ordinary Americans and small businesses to conduct secret, warrantless spying.” The Wyden-Hawley amendment failed 34-58, meaning that the next iteration of the FISA surveillance program will be more expansive than before.

Both Sens. Paul and Dick Durbin (D-IL) introduced separate amendments imposing warrant requirements on surveilling Americans. A similar amendment failed in the House on a 212-212 vote. Durbin’s narrower warrant requirement wouldn’t require intelligence agencies to obtain a warrant to query for those communications, though it requires one to access them.

The version headed to the president’s desk is the worst version. The rush to push this version of the bill through possibly gained a little urgency when two unnamed service providers informed the government they would stop complying with FISA orders pretty much immediately if the Senate didn’t renew the program.

One communications provider informed the National Security Agency that it would stop complying on Monday with orders under Section 702 of the Foreign Intelligence Surveillance Act, which enables U.S. intelligence agencies to gather without a warrant the digital communications of foreigners overseas — including when they text or email people inside the United States.

Another provider suggested that it would cease complying at midnight Friday unless the law is reauthorized, according to the people familiar with the matter, who spoke on the condition of anonymity to discuss sensitive negotiations.

We’ll never know how empty these threats might have been or if the Intelligence Community would have even noticed the brief interruption in the flow of communications. Section 702 has been given a two-year extension in the form approved by the Senate, superseding the FISA Court’s blessing of one more year of uninterrupted spying if discussions over renewal blew past the April 19, 2024 deadline.

If you’re a fan of bipartisan efforts — no matter the outcome — well… enjoy your victory, I guess. But there’s nothing about this renewal debacle that can actually be called a win. Unless you’re the FBI, of course. Then it’s all gravy.

Filed Under: 4th amendment, fbi, fisa, nsa, ron wyden, section 702, surveillance

Congress Decides To Give FBI Another Free Pass On Section 702 Abuses

from the I-guess-we're-just-going-to-let-the-FBI-cook dept

It looks like we’re headed to several more years of the same old abuse. The House vote on Section 702 reauthorization — something postponed several times since EOY2023 due to infighting and out-fighting — has indicated that whatever concerns people might have about warrantless access to US persons’ communications can be handled the next time Section 702 is up for renewal.

The fourth time (yes, the fourth) was the charm for House Republicans when the lower chamber of Congress on a bipartisan basis voted to renew a controversial spying law, not without plenty of hiccups along the way.

The House approved reauthorization of the Foreign Intelligence Surveillance Act, or FISA, by a vote of 273-147, on Friday, with most of the bill’s dissenters coming from the body’s civil-liberty minded ultraconservative and progressive factions.

The law’s strongest advocates come from the intelligence committee, who say FISA’s warrantless surveillance provisions are essential to protecting national security.

And there you have it. A clean reauthorization is now headed to the Senate. All the House Republicans who converted their Deep State conspiracy theories into a demand for a warrant requirement found themselves matched evenly with Democrats who refused to give the Republicans what they wanted, even if it would have resulted in better protections for all Americans, not just the Americans House Speaker Mike Johnson thought were worth protecting (i.e., just congressional reps).

A measure requiring federal agents to get a warrant before searching American communications collected as part of foreign intelligence failed to pass the House of Representatives today. The measure received 212 votes for and 212 votes against.

“This is a sad day for America,” said Rep. Thomas Massie (R–Ky.). “The Speaker doesn’t always vote in the House, but he was the tie breaker today. He voted against warrants.”

But it was largely Democrats who sank the warrant requirement. House Democrats voted against the measure 84–126, while Republicans voted for the measure 128–86.

So, there will be no warrant requirement contained in the House reauthorization. Instead, we’re stuck with what will likely be a clean re-up of Section 702 surveillance — something that includes FBI access to US persons’ communications that it has never not abused since it was granted access to this collection.

Members of the Senate have their own warrant requirement amendment to pitch, but it was thought the House — where Trump acolytes are suddenly enamored with the possibility of punishing the FBI for its excesses — might be the first place for a Section 702 warrant requirement to be voted into existence. Sadly, it was the other side of the aisle that ruined this, apparently unwilling to give House Republicans a win that would have resulted in better protections for their constituents.

The clock continues to tick down to the April 19 postponement. But, given what’s been seen here, a majority of representatives seem to feel maintaining the status quo is preferable to demanding the FBI respect the Constitution when accessing NSA collections. There’s a small chance the Senate (led by Ron Wyden’s endless pursuit of surveillance reform) can institute a warrant requirement. But, for the most part, the partisan infighting has led to nothing more than a blanket extension of the same stuff that has been problematic for years. And every year this issue goes ignored solidifies the FBI’s casual abuse of constitutional rights.

Filed Under: 4th amendment, accountability, congress, fbi, fisa, mike johnson, nsa, section 702, surveillance, warrant

Partisan Bullshit Tanks House Section 702 Reform Efforts

from the fuck-the-constituents dept

It took the FBI carelessly, stupidly, and unlawfully targeting members of Trump’s inner circle to make Section 702 program reform a thing that might actually happen.

It’s kind of astounding, considering the Snowden leaks provided a much better argument for reform, as well as the FBI’s long-documented history of abusing its access to Section 702 collections to engage in warrantless surveillance of American citizens.

But it wasn’t until a former Trump advisor and Trump acolyte in the House got caught up in the FBI’s dragnet that things started to look a little grim for supporters of clean reauthorization. Years of abuse was considered fine right up until it affected people who mattered… at least to themselves and the former president they idolize.

There’s been plenty of opposition to unchecked surveillance over the years, but it has almost always been led by Senator Ron Wyden. Wyden’s efforts have been shot down by his own colleagues, who have been unwilling to challenge the Intelligence Community’s claims nothing about any surveillance authority should ever be changed because terrorism.

More than two decades after the 9/11 attacks, this attitude remains in full force. But it has been made worse by hyper-partisanship — something actively encouraged by Donald Trump during his term in office and made worse by Republicans who both want to ingratiate themselves with a former president as well as show their voting base they’re doing something to address Deep State conspiracies they’ve been stoking since Trump first took office.

The thing is this could have led to meaningful reforms, even if the motivations were highly suspect. As for the FBI, it offered only two arguments in defense of its warrantless access to US persons’ communications: (1) TERRORISM!, and (2) [hilariously] pretty much all of our searches of Section 702 collections are unlawful if you bring the Fourth Amendment into it.

The vote on extending Section 702 has been pushed back several times. Reform efforts (again led by Wyden) have been mounted. The rep heading the House Intelligence Community also pushed his own set of “reforms,” but they did nothing more than provide protections to congressional members who might find themselves subjected to the FBI’s continuous surveillance abuses.

The vote in the House on proposed reforms and Section 702 reauthorization has given the FBI a free pass until the next renewal. As Elizabeth Nolan Brown notes for Reason, Democrats unwilling to give Republicans what they wanted (even if it meant better protections for their constituents) overwhelmingly voted in favor of an unaltered continuation of everything that’s been abused for years.

A measure requiring federal agents to get a warrant before searching American communications collected as part of foreign intelligence failed to pass the House of Representatives today. The measure received 212 votes for and 212 votes against.

“This is a sad day for America,” said Rep. Thomas Massie (R–Ky.). “The Speaker doesn’t always vote in the House, but he was the tie breaker today. He voted against warrants.”

But it was largely Democrats who sank the warrant requirement. House Democrats voted against the measure 84–126, while Republicans voted for the measure 128–86.

There’s the partisan split. That’s how you end up with a tie, which means the unaltered Section 702 moves on to the Senate for a vote. Had just a few Democrats been willing to place the concerns of Americans ahead of their own antipathy towards those on the other side of the aisle, a warrant requirement might have been put in place on the House side of things.

But that didn’t happen. And part of the reason that didn’t happen is because the top-ranking Democrat on the House Intelligence Committee decided to swing votes by lying to his fellow representatives. Dell Cameron brings the news and the screenshots:

Cameron’s post for Bluesky says:

The head Dem on House Intel was caught by Politico reporter blasting disinformation out to colleagues ahead of a vote on the 702 wiretap program

Following that were screenshots of tweets (or whatever the fuck) made by Politico reporter Jordain Carney about the last-minute lobbying performed by Congressman Jim Himes, a Democrat representing Connecticut.

If you can’t see/read the screenshots, here’s what they say:

Peek into some of the behind-the-scenes lobbying on 702 ahead of today’s vote:

Himes sent a text to colleagues, explaining that he opposes warrant requirement, calling it an “extreme amendment that goes far beyond” what PCLOB [Privacy and Civil Liberties Oversight Board] recommends, per message I saw,

But…

Sharon Bradford Franklin (chair of the PCLOB, speaking in individual capacity) told me this morning: “I strongly disagree with the characterization” of the amendment “as going far beyond what the PCLOB recommends”

Called it “consistent” and in many ways “similar” to majority rec

Added that PCLOB report notes it would support Congress going further and said the amendment includes similar exceptions to what PCLOB recommended

In other words, Rep. Himes didn’t like what he was hearing from the PCLOB (if, indeed, he bothered to check its views at all) and didn’t want the Republicans to get a win, so he actively misrepresented the PCLOB’s views to swing votes in favor of clean reauthorization. We’ll never know how many Democrats he swung to his side by doing this but the voting tally suggests a lot of Democrats either bought into Himes’ bullshit or simply couldn’t bear giving House Republicans a win… even if that win would have respected Americans’ rights and (as a bonus) shut down the pro-surveillance efforts of the Republican leader of the House Intelligence Committee.

This now moves on to the Senate, which has its own suggestions for reform. Fortunately, Ron Wyden is a senator, which means there’s still a chance the FBI will be subject to warrant requirements if it wants to search NSA data for US persons’ communications. Here’s the latest from Wyden, who has spent his entire career pushing back against surveillance power expansions:

U.S. Senator Ron Wyden, D-Ore., vowed to oppose legislation passed by the House of Representatives that would reauthorize Section 702 of FISA and expand warrantless surveillance, in a statement today.

“The House bill represents one of the most dramatic and terrifying expansions of government surveillance authority in history,” Wyden said. “It allows the government to force any American who installs, maintains, or repairs anything that transmits or stores communications to spy on the government’s behalf. That means anyone with access to a server, a wire, a cable box, a wifi router, or a phone. It would be secret: the Americans receiving the government directives would be bound to silence, and there would be no court oversight. I will do everything in my power to stop this bill.”

Section 702 remains, at least partially, on the ropes. The FBI’s abuses might finally see themselves curtailed by codification, something that would be far more permanent than its own voluntary oversight efforts or the FISA court’s periodic reprimands. No matter how disingenuous the effort being made by many Republicans is, the end result would be better protections for all Americans — something that can’t be easily undone no matter who’s sitting in the White House in 2025.

Filed Under: 4th amendment, fbi, mass surveillance, nsa, partisanship, section 702, surveillance, warrants

Legislator Apparently Used Slides Of NYC Protests In His Pitch For Reauthorizing Section 702 Surveillance

from the I-guess-it's-cool-if-you-don't-like-the-protesters dept

As the debate over Section 702 continues, more weird stuff keeps happening. For once, there’s serious opposition to a clean renewal, and it’s coming from both sides of the legislature. Then there are things like this, which is one of the stranger incidents to accompany a surveillance fight, as reported by Dell Cameron for Wired.

At a private meeting about the reauthorization of a major United States surveillance program late last year, the Republican chairman of the US House Permanent Select Committee on Intelligence (HPSCI) presented an image of Americans protesting the war in Gaza while implying possible ties between the protesters and Hamas, an allegation that was used to illustrate why surveillance reforms may prove detrimental to national security, WIRED has learned. Sources who attended the meeting say it alarmed Republicans who are pursuing new limits on the US government’s power to warrantlessly access the communications of US citizens.

Yeah, that should alarm everyone, not just Republicans looking for any reason to stick it to the FBI after a few of their own (Trump supporters all) got swept up by the Bureau’s warrantless access to the NSA’s ostensibly foreign-facing collection.

Now, there are lots of reasons most Republicans aren’t happy with this development. The first reason was listed in the previous paragraph. They also may not like protesters being placed under surveillance because many of them still make excuses for the insurrectionists in their midst and love to portray the January 6th invasion of the Capitol building as a protest that just got a little out of hand.

Republicans are also aware this is an executive power and right now they don’t have their own guy as Chief Executive. That’s another reason to oppose a clean reauthorization of Section 702 surveillance powers. The fact that Biden himself has asked for clean reauthorization is another reason to oppose it, even if they might have supported one with Trump still in office.

But this is still pretty disturbing, all politics aside. HPSCI Chairman Mike Turner apparently felt these slides were appropriate for a discussion of a foreign-facing surveillance power — one that’s come under considerable fire for the FBI’s constant, casual abuse of this collection to engage in warrantless domestic surveillance.

Mike Turner, of course, doesn’t really want anything to happen to Section 702. And, given this presentation, it seems clear he doesn’t mind if the FBI uses it to target American citizens, even those engaged in protected First Amendment activities. Faced with an actual reform bill that would codify a warrant requirement for accessing US persons’ communications, Turner fired off a competing “reform” proposal.

His proposal would have codified the FBI’s voluntary changes (which do not include a warrant requirement) and exempt people like him from being targeted by backdoor searches of NSA collections. His reform would force the FBI to notify Congress members if they had been subject to a 702 query and seek permission from certain government officials before gathering information that might include communications harvested by the NSA. As for the rest of us, nothing.

Turner’s briefing — and his startling PowerPoint presentation — were part of a concerted effort to talk legislators into dropping the proposed warrant requirement. I guess the good news is that this attempt failed spectacularly and may have even pushed some people off the fence towards the side demanding warrants.

As you read the next few paragraphs, keep in mind this is coming from the head of the House Intelligence Committee, which is not only a committee (meaning several legislators are involved) but one with access to actual intelligence (in the spy sense of the word), interns, staffers, advisors, aides, and any number of people who might have been able to head this off before it happened.

Instead, now that it’s been made public, the PR wing of the HPSCI has offered up whatever the fuck this is:

A spokesperson for the House Intelligence Committee said in an email on Friday that the protesters depicted in the slide had “responded to what appears to be a Hamas solicitation.”

A WIRED review of the slides shown by Turner casts doubt on that claim. Notably, while the two slides were portrayed as being related to a single protest in November outside Senate majority leader Chuck Schumer’s Brooklyn residence, WIRED has since learned that the slides reference two separate events that occurred nearly a month apart.

What’s more, the allegation that the protesters were following Hamas’ lead is based on a post on X that contains false information about who organized one of these two events.

Jeff Naft, the HPSCI spokesperson, further stated that the purpose of the slides was to “illustrate” that even if the pictured protesters “had ties to Hamas,” they could not be lawfully surveilled using Section 702.

I have no reason to believe that was the original intent of the slides. But even if it was, no one who viewed this presentation saw it that way, as Cameron reports.

“At the outset of the presentation, he’s running through slides, making his case for why 702 reauthorization is needed,” a senior Republican aide tells WIRED. “Then he throws up that photo. The framing was: ‘Here are protesters outside of Chuck Schumer’s house. We need to be able to use 702 to query these people.’”

Another aide in attendance said: “The sentiment was that [Turner] wanted to know if these people were talking to Hamas. That’s how I interpreted why he brought up those slides.”

That appears to have been the intent, no matter what Turner’s spokesperson is saying after the fact. If Naft is supposed to be the spin doctor, the HPSCI needs to sue him for malpractice.

And even if anyone in attendance agreed with Turner’s insinuation that pro-Palestinian protesters should be placed under the Section 702-enabled microscope, at least they’re smart enough to realize how this sort of thing works if it becomes the FBI’s new pattern-and-practice following reauthorization:

“What we know for sure is this,” a Republican aide says, “However the government decides to treat left-wing protesters today, that’s how we should expect protesters in our party to be treated under future administrations.”

That’s how it works. Surveillance powers like Section 702 cross administrations. They don’t align with election years. And that should nudge more legislators to consider what’s best in the long run, rather than what’s politically expedient. And, no matter how you feel about the FBI and its steady dipping into the NSA pool, you should never try to insinuate that political protesters should be subjected to domestic surveillance.

Filed Under: 1st amendment, 4th amendment, domestic surveillance, free speech, nsa, protests, section 702, surveillance

Biden Administration Shouts ‘ONE MORE YEAR! ONE MORE YEAR!’ As Section 702 Stalemate Continues

from the only-if-FBI-agents-show-up-with-stuff-scrawled-on-posterboard dept

There are a variety of reasons to alter, if not actually end, the Section 702 collection. Whatever value it may have in terms of national security, the very real fact is that it has been endlessly abused by the FBI since its inception.

It’s a foreign-facing collection, which means it harvests communications and data involving foreign targets of US surveillance. But there’s a massive backdoor built into this collection. Collecting foreign communications often means collecting US persons’ communications with foreign persons or entities.

That’s where the FBI has gone interloping with alarming frequency. US persons’ communications are supposed to be masked, preventing the FBI from engaging in warrantless surveillance of US-based communications. This simply hasn’t happened. And the FBI has not only performed second-hand abuse of this collection regularly, but it has equally regularly refused to be honest with the FISA court about its activities.

The latest rejection of a clean reauthorization of Section 702 has nothing to do with the FBI’s continuous refusal to play by the rules. Instead, it has to do with the few times it decided to engage in some backdoor action that targeted the party in power or people temporarily involved with inflicting four years of Donald Trump on a nation that was definitely greater before someone started promising to make it great again.

However, the FBI — despite having abused its access for years — continues to insist the program should not be ended or altered. It has actually admitted its backdoor searches would otherwise be illegal without this program and its side benefits — something that should have hastened legislators on both sides of the political aisle to shut the whole thing down until these critical flaws were patched.

Instead, the whole thing has devolved into the expected in-fighting. Some legislators proposed meaningful reforms to the program, which were soundly rejected by a lot of Republicans simply because some Democrats were involved. The Republicans heading up the House Intelligence Committee proposed their own reforms, but the only thing they really wanted to change was the FBI’s ability to place Republicans under surveillance.

Meanwhile, the Biden Administration has decided the FBI is right, no matter how often it’s been wrong. Ignoring years of casual abuse, the Biden team has pushed for a clean reauthorization — something it may not have done if it weren’t for all the Republicans demanding (mostly for self-serving reasons) the program be ended or altered.

Unfortunately, Section 702 continues to live on, even if it’s in an unresponsive coma at the moment. Rather than let the surveillance authority expire, a bi-partisan effort did the country dirty by extending it until April 2024 where it could be further disagreed about following the return of Congressional reps to Capitol Hill.

April just isn’t good enough, apparently. The Biden Administration wants to buy even more time without any termination or authorization, presumably in hopes that the current furor will die down and this executive power will be granted a clean re-authorization. (Of course, by that point, there may be an actual Fuhrer in play, given Donald Trump’s early sweeps of critical primaries.)

Here’s Charlie Savage with more details for the New York Times:

The Biden administration is moving to extend a disputed warrantless surveillance program into April 2025, according to officials familiar with the matter.

The decision by the administration, which requires asking for court approval, seemed likely to roil an already turbulent debate in Congress over its fate. The program has scrambled the usual partisan lines, with members of both parties on each side of seeing the program as potentially abusive of civil liberties or as necessary for protecting national security.

This is probably preferable to holding a budget bill hostage in an executive office display of “I’ll hold my breath until I get my way.” And it’s preferable to Republican efforts to alter Section 702 simply to protect themselves from illegal surveillance. But it’s definitely not preferable to actually engaging with the inherent problems of this surveillance program, all of which seem to lead back to the FBI and its insistence on abusing its access.

This throws these problems on the back burner for another year. And it will be yet another year where the FBI abuses its access. We can make this assumption because there’s never been a year where the FBI hasn’t abused this surveillance power. Refusing to address an issue that’s been publicly acknowledged for several years now just to ensure the NSA doesn’t lose this surveillance program is irresponsible. The Biden Administration’s apparent tacit agreement with assertions made by an agency that has proven it can’t be trusted doesn’t bode well for anyone.

And, if this yearlong reprieve results in a clean reauthorization, the Biden Administration will quite possibly be handing this renewed power to Republicans now allowed to engage in their worst excesses, thanks to the re-election of Dumpster Fire Grover Cleveland.

The best thing the current administration could do at this point is allow the authority to die, which would force Republicans who love power (but hate to see it wielded against them) to try to reconcile their desire for a surveillance state with the inevitable reality they will sometimes be on the receiving end of this surveillance. The worst thing it can do is what it’s doing now: pressing the pause button because it doesn’t have the desire or willingness to go head-to-head with an agency that claims — without facts in evidence — the only way it can keep this country secure from foreign threats is by warrantlessly spying on Americans.

Filed Under: biden administration, fbi, fisa court, joe biden, mass surveillance, nsa, section 702, surveillance

Section 702 Powers Back On The Ropes Thanks To Partisan Infighting

from the whatever-it-takes dept

I’m normally not an “ends justify the means” sort of guy, but ever since some House Republicans started getting shitty about Section 702 surveillance after some of their own got swept up in the dragnet, I’ve become a bit more pragmatic. Section 702 is long overdue for reform. If it takes a bunch of conveniently angry legislators to do it, so be it.

The NSA uses this executive authorization to sweep up millions of “foreign” communications. But if one side of these communications involves a US person, the NSA is supposed to keep its eyes off of it. The same thing goes for the FBI. But the FBI has spent literal decades ignoring these restraints, preferring to dip into the NSA’s data pool as often as possible for the sole reason of converting a foreign-facing surveillance program into a handy means for domestic surveillance.

The FBI’s constant abuse of this program has seen it scolded by FISA judges, excoriated by legislators actually willing to stand up for their constituents’ rights, and habitually abused verbally at internet sites like this one.

Not that it has mattered. For years, the NSA (and, by extension, the FBI) has been given a blanket blessing of their spy programs by legislators who have been convinced nothing but a clean re-authorization is acceptable in terrorist times like these.

Fortunately for all of us, the future of Section 702 remains in a particularly hellish limbo. As Dell Cameron reports for Wired, Republicans are going to war against other Republicans, limiting the chances of Section 702 moving forward without significant alteration.

The latest botched effort at salvaging a controversial US surveillance program collapsed this week thanks to a sabotage campaign by the United States House Intelligence Committee (HPSCI), crushing any hope of unraveling the program’s fate before Congress pivots to prevent a government shutdown in March.

An agreement struck between rival House committees fell apart on Wednesday after one side of the dispute—represented by HPSCI—ghosted fellow colleagues at a crucial hearing while working to poison a predetermined plan to usher a “compromise bill” to the floor.

This makes it sound like this is a bad thing. It isn’t, even if those thwarting a clean re-auth have extremely dirty hands. Legislators should definitely take a long look at this surveillance power, especially when it’s been abused routinely by the FBI to engage in surveillance of US persons who are supposed to be beyond the reach of this foreign-facing dragnet.

Some in the House want the FBI to pay for what it did to Trump loyalists. Some in the House want the FBI to do whatever it wants, so long as it can claim it’s doing (our?) God’s work in its counterterrorism efforts. Excluded from the current infighting are people who actually give a damn about limiting surveillance abuses, shunted to the side by political opportunists, loudmouths, and far too many legislators who refuse to hold the FBI accountable.

What’s odd about this scuttling is the reason it happened. It had nothing to do with Section 702 and everything to do with the government’s predilection for buying data from brokers to avoid warrant requirements erected by Supreme Court rulings.

The impetus for killing the deal, WIRED has learned, was an amendment that would end the government’s ability to pay US companies for information rather than serving them with a warrant. This includes location data collected from cell phones that are capable in many cases of tracking people’s physical whereabouts almost constantly. The data is purportedly gathered for advertising purposes but is collected by data brokers and frequently sold to US spies and police agencies instead.

Senior aides say the HPSCI chair, Mike Turner, personally exploded the deal while refusing to appear for a hearing on Wednesday in which lawmakers were meant to decide the rules surrounding the vote. A congressional website shows that HPSCI staff had not filed one of the amendments meant to be discussed before the Rules Committee, suggesting that at no point in the day did Turner plan to attend.

And that’s where we are now: legislators refusing to authorize one form of domestic surveillance because they would rather give the feds a pass on a much more prevalent form of domestic surveillance. The former once ensnared some of Trump’s buddies. The latter has yet to do so.

The infighting continues, with one side being rallied by none other than Fox News, which prefers to cater to its base, rather than provide any reporting or analysis that might accurately portray current events. The spin being pushed by Fox claims the alterations added to the bill would somehow prevent the NSA (and, by extension, the FBI) from surveilling foreign terrorists.

A Fox News report published Thursday morning, while accurately noting that it was Turner’s threat that forced Johnson to cancel the vote, goes on to cite “sources close to the Intelligence Committee” who offered analysis of the events. The sources claimed that Turner was compelled to abandon the deal because the “compromise bill” had been sneakily altered in a manner that “totally screws FISA in terms of its ability to be a national security tool.”

While redirecting blame away from Turner and his cohorts, the claim is both false and deceptive, relying on assertions that, while farcical perhaps to legal experts, would be impossible for the public at large (and most of the press) to parse alone.

Section 702 still has a good chance to survive intact. This infighting actually makes it much less likely any true reform will take place. Grandstanding has replaced oversight. But, at least for now, we can be assured the surveillance program will remain one step away from being ditched until House Republicans can reconcile their desire to protect people like Carter Page with their desire to treat everyone a little bit on the brown side as a potential terrorist.

Filed Under: fbi, fisa, house intelligence committee, mass surveillance, mike turner, nsa, russia, section 702

We Shouldn’t Allow A New Super Secret Surveillance Court Cover Up The Civil Liberties Problems Of The Old Super Secret Surveillance Court

from the not-fixing-the-problem dept

For years now we’ve been covering the big ongoing fights between the US and the EU regarding the transfer of user data across the Atlantic. The main issue was that due to somewhat different data protection/privacy laws between the EU and the US, the two keep trying to work out a “deal” that allows (mostly) US companies to store data from EU users on servers in the US. This transatlantic data flow agreement is important. It would be difficult for many US companies to offer services to EU citizens without it.

But it’s been a fucking mess for over a decade. Almost entirely because of US surveillance programs.

The agreements to handle this have gone by various names, starting with the EU/US Privacy “safe harbor,” and then later the “Privacy Shield.” In both cases, those agreements were eventually rejected by the EU Court of Justice, almost entirely because of the very big problem of the US’s surveillance activities, mostly overseen by the secretive FISA Court. (As a side note, EU government surveillance is in many ways worse than the US’s similar surveillance efforts, but somehow that never comes up in any of these discussions… but, I digress…).

Back in the fall of 2022, the EU and the US excitedly announced a new agreement to replace the old rejected agreements. Yet, as we pointed out at the time, unless they agreed to stop NSA surveillance on basically all electronic communications outside of the US, it wasn’t clear how it would actually fix the underlying reason these agreements keep getting thrown out.

As Politico recently detailed, the way the US has “fixed” this in the new privacy agreement… is to set up an entirely new, entirely secretive surveillance court. What could go wrong?

Officially known as the Data Protection Review Court, it was authorized in an October 2022 executive order to fix a collision of European and American law that had been blocking the lucrative flow of consumer data between American and European companies for three years.

The court’s eight judges were named last November, including former U.S. Attorney General Eric Holder. Its existence has allowed companies to resume the lucrative transatlantic data trade with the blessing of EU officials.

The details get blurry after that.

The court’s location is a secret, and the Department of Justice will not say if it has taken a case yet, or when it will. Though the court has a clear mandate — ensuring Europeans their privacy rights under U.S. law — its decisions will also be kept a secret, from both the EU residents petitioning the court and the federal agencies tasked with following the law. Plaintiffs are not allowed to appear in person and are represented by a special advocate, appointed by the U.S. attorney general.

That doesn’t seem that great.

Also, this new quasi-court has some other oddities, including that it is open to Europeans, but not Americans.

U.S. residents who suspect they are under improper surveillance cannot go to the Data Protection Review Court. Under U.S. law, they can go to a federal court — but only if they can show a concrete wrong or harm that gives them legal standing, which presents a Catch-22, since they can’t prove what they don’t know.

Adam Klein, former chair of the Privacy and Civil Liberties Oversight Board, an independent agency within the Executive Branch, pointed to former Trump campaign adviser Carter Page as the type of individual who could have benefited from a mechanism like the DPRC. Page was surveilled by the FBI during the 2016 presidential election as part of a probe into Russian influence in U.S. politics — and a Justice Department inspector general investigation later found a swath of errors and material omissions in the documents used to seek the surveillance warrant. An FBI lawyer ultimately pleaded guilty to altering a document used for that warrant.

But Page himself had little recourse. He filed a lawsuit in 2020 seeking $75 million from the government and several current and former FBI and DOJ officials for violating his constitutional rights. A federal judge called the FBI’s conduct “troubling,” but ultimately found the law bars Page from pursuing a civil lawsuit. An appeal is pending.

Now, with the DPRC in place, “We’re in an odd place when non-residents have easier access to a place to raise their concerns about U.S. government surveillance than Americans do,” said Klein.

But even Europeans have no clear path to using this court that is so secretive no one’s even entirely sure if it’s actually opened for business.

According to the executive order, getting before the DPRC starts with a long preliminary process: a citizen complaint first has to shuttle between an EU data protection official and the U.S.’ Office of the Director of National Intelligence, which decides whether there was a civil rights violation from the data collection.

Regardless of the results, the response to the initial complaint will neither confirm nor deny that the EU resident was under U.S. surveillance. The response will say there either was no violation found, or that there was a violation found and that the U.S. government took appropriate steps to resolve it. It won’t specify which one.

The EU resident can then appeal directly to the DPRC in America — with the assistance of a court-appointed special advocate. That advocate will have the details from the underlying ODNI decision — although that decision remains off-limits to the person making the appeal.

“What are you going to write in the appeal? Nothing, because you don’t know what the answer is,” Schrems said. “As a lawyer, it’s really hard that you’ll ever win a case by saying ‘I appeal’ without saying what your problem is with the decision.”

While this seems to be a setup designed to make bureaucrats on either side of the Atlantic pretend they’re doing something useful, it’s hard to see how it will actually solve the underlying problems. Which, again, are because of NSA surveillance rubber stamped by the other secretive court, the FISA Court.

Stacking up more secretive courts does not seem like a real solution. Fixing overly broad, mass surveillance is.

But apparently that’s off the table.

Filed Under: data protection review court, eu, nsa, privacy shield, secrecy, surveillance, transatlantic data flows

Well, That’s Everyone: Senator Wyden Letter Confirms The NSA Is Buying US Persons’ Data From Data Brokers

from the you'd-think-the-NSA-would-have-a-better-data-plug dept

Buying domestic data from data brokers is just something the government does all the time. Bypassing restraints enacted by the Supreme Court, federal agencies (along with local law enforcement agencies) are hoovering up whatever domestic data they can from private companies all too happy to be part of the problem.

Sure, the government can pretend the Third Party Doctrine applies here. But chances are that most of this data being collected by phone apps and other services isn’t being collected with the full knowledge of device users. This is the sort of thing that’s hidden in the deep end of Terms of Use boilerplate, suckering people out of all kinds of data because they made the mistake of assuming a seemingly-innocuous match-3 game wouldn’t attempt to ping their phone’s location and tie it to specific device IDs.

So, this latest news — as revealed by Senator Ron Wyden — is only surprising in terms of which agency is involved.

U.S. Senator Ron Wyden, D-Ore., released documents confirming the National Security Agency buys Americans’ internet records, which can reveal which websites they visit and what apps they use. In response to the revelation, today Wyden called on the administration to ensure intelligence agencies stop buying personal data from Americans that has been obtained illegally by data brokers. A recent FTC order held that data brokers must obtain Americans’ informed consent before selling their data.

“The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans’ privacy are not just unethical, but illegal,” Wyden wrote in a letter to Director of National Intelligence (DNI) Avril Haines today. “To that end, I request that you adopt a policy that, going forward, IC elements may only purchase data about Americans that meets the standard for legal data sales established by the FTC.”

You’d think the NSA would be able to obtain this data without having to buy it from sketchy third-party vendors. I mean, it has erected one of the most pervasive surveillance apparatuses in the world. It’s completely capable of engaging in domestic surveillance. And, indeed, it often does! So why would it need to purchase something it can obtain (more legitimately[?]) from its own dragnets and risk having part of its collection techniques exposed?

There’s no clear answer to that question, other than it’s pretty easy to spend government money when you’ve got plenty of it. Wyden’s letter [PDF] goes into a bit more detail, but (for obvious reasons) it’s not the equivalent of sneaking damning documents out of an NSA data center and handing them over to journalists after exiting the country.

That being said, it took Wyden holding a top NSA position hostage for the government to admit it was buying data from brokers to engage in domestic surveillance.

The secrecy around data purchases was amplified because intelligence agencies have sought to keep the American people in the dark. It took me nearly three years to clear the public release of information revealing the NSA’s purchase of domestic internet metadata. DoD first provided me with that information in March, 2021, in response to a request from my office for information identifying the DoD components buying Americans’ personal data. DoD subsequently refused a request I made in May, 2021, to clear the unclassified information for public release. It was only after I placed a hold on the nominee to be the NSA director that this information was cleared for release.

Wyden asks each “IC [Intelligence Community] element” to open an investigation into the purchase of data from data brokers, as well as an FTC investigation into the business practices of the data brokers themselves. Each IC component is also asked to provide “an inventory of personal data purchased” from data brokers.

Wyden’s letter deals with all data purchased from brokers, but specifically exposes the NSA’s acquisition of internet browser records, which show which sites users visit and which apps they use. The NSA’s denial — delivered to Wyden late last year — claims the NSA isn’t doing something else entirely.

[N]SA does not buy and use location data collected from phones known to be used in the United States either with or without a court order.

That’s the only firm denial in the letter and it only says things about location data, which isn’t what Wyden is expressing his concern about.

However, the NSA — in the same 2023 letter — admitted to doing exactly what Wyden accused it of:

NSA does buy and use commercially available netflow (i.e., non-content) data related wholly to domestic internet communications and internet communications where one side of the communication is a U.S. Internet Protocol address and the other is located abroad.

The NSA is admitting to domestic surveillance. Not the best look for an agency still hoping to resuscitate its reputation following several years of damning leaks, investigations, and inadvertent exposures. We already know the NSA is fully capable of “inadvertently” sweeping up US persons’ data and communications with its Section 702 collection. That’s the thing the FBI constantly abuses to engage in domestic surveillance. It should never need to buy this data from brokers because it has always been able to obtain it otherwise.

This appears to be the NSA collecting even more just because the situation presented itself, rather than for any demonstrated national security need. And that’s the sort of thing no American should be willing to treat as government business as usual.

Filed Under: 4th amendment, avril haines, data brokers, doj, domestic surveillance, internet records, location data, nsa, privacy, ron wyden, surveillance, third party doctrine