targets – Techdirt

Algorithm Might Protect Non-Targets Caught In Surveillance, But Only If The Government Cares What Happens To Non-Targets

from the something-it-has-yet-to-show dept

Akshat Rathi at Quartz points to an interesting algorithm developed by Michael Kearns of the University of Pennsylvania — one that might give the government something to consider when conducting surveillance. It gauges the possibility of non-targets inadvertently being exposed during investigations, providing intelligence/investigative agencies with warnings that perhaps other tactics should be deployed.

Rathi provides a hypothetical situation in which this algorithm might prove to be of use. A person with a rare medical condition they’d like to keep private visits a clinic that happens to be under investigation for fraud. This person often calls another family member for medical advice (an aunt who works at another clinic). This second person’s clinic is also under investigation.

When the investigation culminates in a criminal case, there’s a good chance the patient — a “non-target” — may have their sensitive medical information exposed.

If the government ends up busting both clinics, there’s a risk that people could find out about your disease. Some friends may know about your aunt and that you visit some sort of clinic in New York; government records related to the investigation, or comments by officials describing how they built their case, may be enough for some people to draw connections between you, the specialized clinic, and the state of your health.

Even though this person isn’t targeted by investigators, the unfortunate byproduct is diminished privacy. This algorithm, detailed in a paper published by the National Academy of Sciences, aims to add a layer of filtering to investigative efforts. As Kearns describes it, the implementation would both warn of potential collateral damage and inject “noise” to minimize accidental exposure of non-targets.

For such cases where there are only a few connections between people or organizations under suspicion, Kearns’s algorithm would warn investigators that taking action could result in a breach of privacy for selected people. If a law were to require a greater algorithmic burden of proof for medical-fraud cases, investigators would need to find alternative routes to justify going after the New York clinic.

But if there were lots of people who could serve as links between the two frauds, Kearns’s algorithm would let the government proceed with targeting and exposing both clinics. In this situation, the odds of compromising select individuals’ privacy is lower.

Potentially useful, but it suffers from a major flaw: the government.

Of course, if an investigation focused on suspected terrorism instead of fraud, the law may allow the government to risk compromising privacy in the interest of public safety.

Terrorism investigations will trump almost everything else, including privacy protections supposedly guaranteed by our Constitution. Courts have routinely sided with the government’s willingness to sacrifice its citizens’ privacy for security.

It’s highly unlikely investigative or intelligence agencies have much of an interest in protecting the privacy of non-targeted citizens, even in non-terrorist-related surveillance — not if it means using alternate (read: “less effective”) investigative methods or techniques. It has been demonstrated time and time again that law enforcement is more interested in the most direct route to what it seeks, no matter how much collateral damage is generated.

The system has no meaningful deterrents built into it. Violations are addressed after the fact, utilizing a remedy process that can be prohibitively expensive for those whose rights have been violated. On top of that, multiple layers of immunity shield government employees from the consequences of their actions and, in some cases, completely thwart those seeking redress for their grievances.

The algorithm may prove useful in other areas — perhaps in internal investigations performed by private, non-state parties — but our government is generally uninterested in protecting the rights it has granted to Americans. Too many law enforcement pursuits (fraud, drugs, terrorism, etc.) are considered more important than the rights (and lives) of those mistakenly caught in the machinery. If the government can’t be talked out of firing flashbangs through windows or predicating drug raids on random plant matter found in someone’s trash can, then it’s not going to reroute investigations just because a piece of software says a few people’s most private information might be exposed.

Filed Under: algorithm, michael kearns, non-targets, privacy, surveillance, targets, warrants

US Counterterrorism Official Says US Is 'The Angel Of Death' And Should Be Target Killing ISIS Tweeters

from the winning-hearts-and-minds dept

A few weeks ago there was a fair bit of controversy after a US drone-strike killed an ISIS “hacker” who was, among other things, popular on Twitter. While US officials tried to paint him as a much bigger deal behind the scenes, some are now admitting that he was just noisy online. ABC News is reporting on the supposed internal debate among US counterterrorism officials concerning how to best deal with ISIS Twitter users. Some are arguing that these guys are small time annoyances, while others are arguing that we should just straight up kill ISIS tweeters. This next quote is fairly incredible.

“We are the angel of death. This war is a propaganda war too. Why only limit it to military leaders? Should we be ignoring the propagandists that speak English and are tech savvy who know how to reach westerners?” a senior counter-terrorism official knowledgeable about the counter-ISIS strategy told ABC News. “I don’t see why you would want to curtail either targeting strategy. This is also a war of ideas.”

And if you’re running a propaganda war, do you really think the best strategy is to kill people for speaking their minds? That doesn’t convince anyone to change the way they’re thinking. It just radicalizes more people. Having US officials state “we are the angel of death” doesn’t project anything other than pure bloodlust among US officials. It suggests a war where at least some US officials think the way to deal with ISIS is to stoop to their level — by mindlessly killing people we don’t agree with and assuming it’s “fair game” so long as they’ve mouthed off online.

As for Junaid Hussain, the guy killed in that drone strike, the report confirms what we’d heard from a bunch of people: despite what US officials put out in the news about his death, the reality was he was just a guy with a Twitter account who was loud:

“Junaid Hussain was a Twitter noisemaker and a hack hacker. He wasn’t a first disseminator on anything important, as far as I can tell. Nothing at all in his profile leads me to think he’d be close to the inner circle of leadership,” said “ISIS: The State of Terror” author J.M. Berger, who tracks jihadists online.

In the article, those defending killing ISIS tweeters claim that it makes sense because they believe that it somehow stops the recruitment of English-speaking individuals into ISIS:

“So the English-speaking ISIS guy that is removed, in a drone strike for example, could equal a thousand potential fighters who never self-radicalize and leave home,” said Anderson, who was a top aide and advisor to the current and former Secretaries of Defense.

Except there’s an implicit assumption in there: that these Twitter accounts are successfully recruiting members of ISIS by the thousands. As we’ve pointed out before, the evidence suggests that, while the internet may play a part in radicalizing some individuals, it’s likely a fairly small part. Your local (in person) social network is a much, much bigger factor, and almost no one is simply becoming radicalized because they started to follow an ISIS person online.

Either way, it’s difficult to see how deciding to just start killing off people for being mouthy online is going to convince anyone who hates the US that they’re somehow on the wrong track. It seems like it will only confirm their preheld opinions. But, you know, the “angel of death” apparently doesn’t give a shit:

“Shoot your mouth off all you want. Eventually we are going to kill you,” the senior counter-terrorism official said.

I can’t see how that makes us any safer. It seems like quite the opposite is likely.

Filed Under: counterterrorism, drones, extrajudicial killing, isis, propaganda, targets, tweets

Stewart Baker Deploys Shakiest Analogy Yet To Defend The NSA's Collection And Storage Of Non-Targeted Communications

from the so-bad-I-think-it-gave-me-cancer dept

Stewart Baker, once again defending the poor, downtrodden NSA from the latest leak, has given us reason to add another post to the long list of “Stuff Stewart Would Like Google To Forget.”

Baker addresses the latest leak — the one published by the Washington Post that shows the NSA is harvesting communications from non-targets at a 9-to-1 ratio to actual targets. According to Baker, this is all no big deal because any ~~fishing expedition~~ targeted NSA collection is going to necessarily collect tons of irrelevant information.

The story* is built around the implied claim that 90% of NSA intercept data is about innocent people. I think the statistic is a phony. Especially in an article that later holds up US law enforcement practice as a superior model.

*I’ve added a link to the actual story Baker’s complaining about because he clearly can’t be arsed. Apparently, this is how certain bloggers subtweet.

In his explanation of how Sturgeon’s Law relates to the NSA’s national security aims, Baker gives the example of an unnamed law enforcement agency poking into his email account during an investigation.

Suppose I become the target of a government investigation. The government gets a warrant [ed. note: lol] and seizes a year’s worth of my email. Looking at my email patterns, that’s about 3500 messages. About twenty percent – say 750 – are one-off messages that I can handle with a short reply (or by ignoring the message). Either way, I’ll never hear from that person again. And maybe a quarter are from about 50 people I hear from at least once a week. The remainder are a mix — people I trade emails with for a while and then stop, or infrequent correspondents that can show up any time. Conservatively, let’s say that about 200 people are responsible for the portion of my annual correspondence that falls into that category. In sum, the total number of correspondents in my stored email is 750+200+50 = 1000. So the criminal investigators who seized and stored my messages from me, their investigative target, and 1000 people who aren’t targets.

So, in this example 99.9% of everything was irrelevant, but the agency doesn’t know that until it’s looked through all of it. Fair enough. But what does law enforcement do with the irrelevant information? (Don’t answer that.) In a perfect world, the government/law enforcement agency disposes of the irrelevant data. That’s what the laws governing search warrants and the minimization provisions governing the NSA’s collections direct these agencies to do. But what does the NSA actually do with this 90% irrelevant information?

Back to Gellman’s article:

Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless.

[…]

The NSA treats all content intercepted incidentally from third parties as permissible to retain, store, search and distribute to its government customers. Raj De, the agency’s general counsel, has testified that the NSA does not generally attempt to remove irrelevant personal content, because it is difficult for one analyst to know what might become relevant to another.

Even the “searching my email” analogy doesn’t hold up. The NSA searches a ton of proverbial email inboxes — without a warrant — simultaneously.

If a target entered an online chat room, the NSA collected the words and identities of every person who posted there, regardless of subject, as well as every person who simply “lurked,” reading passively what other people wrote.

“1 target, 38 others on there,” one analyst wrote. She collected data on them all.

In other cases, the NSA designated as its target the Internet protocol, or IP, address of a computer server used by hundreds of people.

And, unlike the targeted search Baker alludes to, nothing is regarded as irrelevant because the agency can’t even determine what might or might not be worth keeping. In a targeted, warranted search, law enforcement generally has an idea of what it’s looking for. With the NSA, it’s “collect it all” because something might prove to be relevant later and besides, look at our shiny new storage space!

The NSA’s deliberate collection of non-targeted communications is more analogous to law enforcement grabbing Baker’s friends’ and family’s email as well — even though they’re not listed on the warrant — simply because these all intersect with his account at some point — and then holding onto it for x number of years simply because one analyst says it might be relevant to the investigation at some undetermined point.

The government can actually get in trouble for doing exactly the thing Baker claims is no big deal (and built on “phony statistics”). Just last month, the Second Circuit Court ruled that the feds held onto data unrelated to their stated investigation for too long, violating the plaintiff’s Fourth Amendment rights. When the NSA does this to American citizens not currently targeted by counterterrorism investigations, it’s doing the same thing. Only in the NSA’s case, it does this on a massive scale, unimpeded by the limitations of specific warrants. One order nets the NSA nearly 90,000 targets and, apparently, the communications of nearly 800,000 others, if the ratio holds.

Baker’s analogy doesn’t stand up to the slightest scrutiny, and he willfully ignores the NSA’s long-term storage of irrelevant communications to make his point. He claims Barton Gellman’s being dishonest, but who’s really applying the most spin here?

Filed Under: communications, nsa, privacy, section 702, stewart baker, surveillance, targets

NSA Insisted Snowden Didn't Have Access To Actual Surveillance Data: But He Did… And It Shows How Much Non-Terrorist Content NSA Collects

from the lying-liars dept

Just a few days ago, the Privacy and Civil Liberties Oversight Board (PCLOB) more or less gave a pass to the Section 702 surveillance program by the NSA (approved by Section 702 of the FISA Amendments Act). This is the program that combines PRISM (basically court orders to internet companies for content) and Upstream (tapping fiber backbone to sniff basically all traffic) to collect communications (not just metadata) of “targets.” For years, we’ve pointed out that the NSA defines “targets” differently than most everyone else does — and people in the know, like Senator Ron Wyden, have been trying to warn us that the NSA defines “targets” in a manner that allows the NSA to spy on the communications of a very, very large number of innocent people. The PCLOB more or less admitted that they didn’t actually see the details of what the NSA collected, but a newly analyzed trove of documents from Ed Snowden reveals the truth. While the program may actually be useful in discovering terrorist plots, it also appears to collect a ridiculous amount of data on people who clearly are not targets, and the NSA is incredibly lax about purging the database (so-called “minimization”) of that unrelated information.

This latest report, written by Barton Gellman and Ashkan Soltani at the Washington Post, is important for a number of different reasons. First is that, for quite some time now, NSA insiders have insisted that while Snowden had access to papers and reports about the various surveillance programs, he never actually had access to the actual contents of the surveillance databases. That was clearly a lie. As the article notes:

As recently as May, shortly after he retired as NSA director, Gen. Keith Alexander denied that Snowden could have passed FISA content to journalists.

“He didn’t get this data,” Alexander told a New Yorker reporter. “They didn’t touch —”

“The operational data?” the reporter asked.

“They didn’t touch the FISA data,” Alexander replied. He added, “That database, he didn’t have access to.”

And, of course, Snowden-haters have regularly mocked the claim he made in his very first interview that “I, sitting at my desk, certainly had the authorities to wiretap anyone, from you, or your accountant, to a federal judge, to even the President if I had a personal email.” Many had used the fact that no such “FISA data” had been revealed, or even alluded to, as proof that Snowden was talking bigger than his actual position and supposedly, as an “IT guy,” he didn’t really have access to the same info that analysts could access. It is now clear that those people were lying. Snowden clearly had access to that data, and gave a sample to Gellman.

Snowden said he did not need to circumvent those controls, because his final position as a contractor for Booz Allen at the NSA’s Hawaii operations center gave him “unusually broad, unescorted access to raw SIGINT [signals intelligence] under a special ‘Dual Authorities’ role,” a reference to Section 702 for domestic collection and Executive Order 12333 for collection overseas. Those credentials, he said, allowed him to search stored content — and “task” new collection — without prior approval of his search terms.

Of course, this makes it all the more concerning that the NSA has admitted it still has no idea what Snowden took. For all the talk of how carefully these programs are audited, can the NSA legitimately expect anyone to believe that others — perhaps those with more nefarious intent — haven’t made off with the same kinds of content? The NSA (1) has admitted it doesn’t know what Snowden took and (2) insisted he didn’t have access to this data. Now that it’s been proven he did have access to this data and gave it to journalists, it seems pretty damn clear that the NSA has no idea if anyone else took that same data as well — or if they have been abusing the same access for more nefarious purposes (espionage, blackmail, you name it).

Meanwhile, the very same NSA attackers who insisted that Snowden didn’t have access to the surveillance database have immediately ignored their old statements and now re-spun this story into how he was “reckless” in handling such sensitive data. Snowden explains that having a sample of this kind of data is incredibly important in letting the world know just how broad the 702 surveillance is:

In an interview, Snowden said “primary documents” offered the only path to a concrete debate about the costs and benefits of Section 702 surveillance. He did not favor public release of the full archive, he said, but he did not think a reporter could understand the programs “without being able to review some of that surveillance, both the justified and unjustified.”

Indeed, even for those of us who have been screaming loudly about how the NSA interpreted “target” differently than most people (including Congress) suspected, since long before Snowden leaked his documents, the detailed revelations here are eye opening about just how much information the NSA actually collects based on “targets.”

Nine of 10 account holders… were not the intended surveillance targets but were caught in a net the agency had cast for somebody else.

Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or “minimized,” more than 65,000 such references to protect Americans’ privacy, but The Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S. residents.

And, frequently, the information that the NSA retained on clearly non-targeted individuals was quite revealing. Remember that this is the actual content of communications, not “just metadata” (that’s a different program).

Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless.

[….]

Scores of pictures show infants and toddlers in bathtubs, on swings, sprawled on their backs and kissed by their mothers. In some photos, men show off their physiques. In others, women model lingerie, leaning suggestively into a webcam or striking risque poses in shorts and bikini tops.

This sample cache shows pretty clearly that anything even remotely close to a loosely defined “target” (which could be a computer rather than a person) gets collected and stored:

If a target entered an online chat room, the NSA collected the words and identities of every person who posted there, regardless of subject, as well as every person who simply “lurked,” reading passively what other people wrote.

“1 target, 38 others on there,” one analyst wrote. She collected data on them all.

In other cases, the NSA designated as its target the Internet protocol, or IP, address of a computer server used by hundreds of people.

You may recall that, all the way back in 2011, we were reporting on Senators Ron Wyden and Mark Udall asking James Clapper how many Americans were being spied upon under Section 702 of the FISA Amendments Act and being told it was impossible to estimate such a number. Here, Gellman and Soltani use what they’ve found in the cache to give the estimate that the NSA/ODNI would not:

The NSA, backed by Director of National Intelligence James R. Clapper Jr., has asserted that it is unable to make any estimate, even in classified form, of the number of Americans swept in. It is not obvious why the NSA could not offer at least a partial count, given that its analysts routinely pick out “U.S. persons” and mask their identities, in most cases, before distributing intelligence reports.

If Snowden’s sample is representative, the population under scrutiny in the PRISM and Upstream programs is far larger than the government has suggested. In a June 26 “transparency report,” the Office of the Director of National Intelligence disclosed that 89,138 people were targets of last year’s collection under FISA Section 702. At the 9-to-1 ratio of incidental collection in Snowden’s sample, the office’s figure would correspond to nearly 900,000 accounts, targeted or not, under surveillance.

The report also highlights the cavalier attitude by NSA analysts in determining what to keep and what to “minimize.” Section 702 certainly gave the NSA a lot more leeway to spy on Americans, and NSA analysts are making quite a lot of use of that leeway.

In their classified internal communications, colleagues and supervisors often remind the analysts that PRISM and Upstream collection have a “lower threshold for foreignness ‘standard of proof’” than a traditional surveillance warrant from a FISA judge, requiring only a “reasonable belief” and not probable cause.

One analyst rests her claim that a target is foreign on the fact that his e-mails are written in a foreign language, a quality shared by tens of millions of Americans. Others are allowed to presume that anyone on the chat “buddy list” of a known foreign national is also foreign.

Basically, it appears that if an analyst can come up with any reason they can justify claiming someone is “foreign,” they can use it, even if they know the person is actually a US person. And because the NSA knows they have much greater power to spy under Section 702, they often shift investigations over to put them under this authority since they can get away with more:

In an ordinary FISA surveillance application, the judge grants a warrant and requires a fresh review of probable cause — and the content of collected surveillance — every 90 days. When renewal fails, NSA and allied analysts sometimes switch to the more lenient standards of PRISM and Upstream.

“These selectors were previously under FISA warrant but the warrants have expired,” one analyst writes, requesting that surveillance resume under the looser standards of Section 702. The request was granted.

The report is quite damning in revealing two things that the NSA has tried to hide: First, Snowden clearly had widespread access to the surveillance database content, despite strong claims that he did not. Second, that the database includes a ton of information on people not “targeted” and that such information outweighs info on targets by a factor of 9 to 1.

Filed Under: collections, ed snowden, keith alexander, non-targets, non-us persons, nsa, section 702, surveillance, targets

Transparency Report From Office Of The Director Of National Intelligence Shows Government Issuing 50 NSLs Per Day

from the section-702-still-most-efficient-use-of-paperwork dept

In the begrudging spirit of forced openness, the Office of the Director of National Intelligence (James “Least Untruthful” Clapper, presiding) has released its First Annual Ever Transparency Report. So, what have our intelligence agencies been up to for the last calendar year? Well, a little of this and whole lot of that, all of it broken down into numbers that don’t really provide that much transparency.

The figure that first stands out is related to the Section 702 program. As defined in intelspeak, the 702 program:

facilitates the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States, creating a new, more streamlined procedure to collect the communications of foreign terrorists.

In plain English, the Section 702 program does this:

[The] collection done under Section 702 captures content of communications. This could include content in emails, instant messages, Facebook messages, web browsing history, and more.

Like other bulk surveillance programs, Section 702 supposedly targets non-US persons but frequently “incidentally” collects content from US persons and other non-targets. This data on Americans is then searchable via backdoor searches. Much of this information is collected directly off the “Internet backbone” as communications flow through NSA collection points. The authority it operates under is incredibly vague and almost completely without adequate oversight. This last sentence explains the following numbers.

In contrast with sections 703, 704 and pen register requests — where the number of targets roughly corresponds with the number of orders — the 702 program operates under one order… which nets over 89,000 targets. Note — and this is important — that the report only says how many “targets” are “affected.” It does not say how many other people’s communications are “incidentally” collected along the way and made open to those backdoor searches. And, rest assured, that number is likely much larger than 89,000 — especially since we already know that any communication “about” any target gets swept up, but that won’t count towards that number. And, as discussed below, the definition of “target” can often mean something entirely different than what you think it means. This broad collection, one that harvests content rather than (supposedly harmless) metadata, is one of the NSA’s favorite tools and explains its willingness to discuss alterations to the Section 215 bulk metadata program, but not to change the 702 program at all. (Not that anything much actually happened to the 215 program, even after all of the discussion.)

What’s more interesting, though, is the long discussion about the incredibly high number of National Security Letters issued in 2013.

The FBI (along with other agencies) is issuing NSLs at the rate of 53 per day. The ODNI’s long explanation attempts to portray this huge number as most certainly not evidence of NSL abuse.

In addition to those figures, today we are reporting (1) the total number of NSLs issued for all persons, and (2) the total number of requests for information contained within those NSLs. For example, one NSL seeking subscriber information from one provider may identify three e-mail addresses, all of which are relevant to the same pending investigation and each is considered a “request.”

So, the FBI (and unnamed other agencies) must issue a new NSL (the “must” is up for discussion) for each account it wishes to collect from, whether it’s an email address or some other online account. And if multiple names are used for one target, then new NSLs must be issued to claim that information. And so on, until the government is issuing nearly 20,000 per year.

The ODNI attempts to explain how difficult it is to narrow down how many people are being targeted by NSLs.

We are reporting the annual number of requests rather than “targets” for multiple reasons. First, the FBI’s systems are configured to comply with Congressional reporting requirements, which do not require the FBI to track the number of individuals or organizations that are the subject of an NSL.

Even if the FBI systems were configured differently, it would still be difficult to identify the number of specific individuals or organizations that are the subjects of NSLs. One reason for this is that the subscriber information returned to the FBI in response to an NSL may identify, for example, one subscriber for three accounts or it may identify different subscribers for each account…

We also note that the actual number of individuals or organizations that are the subject of an NSL is different than the number of NSL requests. The FBI often issues NSLs under different legal authorities, e.g., 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709, for the same individual or organization.

All well and good, but the DOJ’s transparency report (linked to by the ODNI) breaks that number down just fine. (For whatever reason, the ODNI Tumblr post links to a report for 2012. The PDF of the ODNI’s report contains a link to the 2013 version. Both are embedded below.)

From the 2013 letter:

In 2013, the FBI made 14,219 NSL requests (excluding requests for subscriber information only) for information concerning United States persons. These sought information pertaining to 5,334 different United States persons.

From the 2012 letter:

In 2012 the FBI made 15,229 NSL requests (excluding requests for subscriber information only) for information concerning United States persons. These sought information pertaining to 6,223 different United States persons.

It appears the FBI has the power to narrow down the number of persons targeted by its NSLs, although something must have happened in 2013 that made it append the following footnote to its FY2013 letter.

In the course of compiling its National Security Letter statistics, the FBI may over-report the number of United States persons about whom it obtained information using National Security Letters. For example, NSLs that are issued concerning the same U.S. person and that include different spellings of the U.S. person’s name would be counted as separate U.S. persons, and NSLs issued under two different types of NSL authorities concerning the same U.S. person would be counted as two U.S. persons. This statement also applies to previously reported annual U.S. person numbers.

The DOJ’s transparency letters again point out that the FISA court is basically approving everything set in front of it. Only one order has been withdrawn in the last two years and only 74 of 3,511 orders presented for “electronic surveillance” and/or “physical searches” were modified. The Section 215 collection requests were sent back for modification more often (roughly 2/3rds of the time) but ultimately, not a single one of those requests was denied.

So, there’s more transparency than we’re used to, but the 702 program still remains the best kept open secret. One order accesses thousands of “targets,” and the ODNI hasn’t exactly been forthcoming with additional details. Another explanatory note included does, however, point out inadvertently how useless the word “target” is when deployed by the NSA.

Within the Intelligence Community, the term “target” has multiple meanings. For example, “target” could be an individual person, a group, or an organization composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information that the U.S. government is authorized to acquire by the above-referenced laws.

Section 702’s “explanation” takes it even farther:

In addition to the explanation of target above, in the context of Section 702 the term “target” is generally used to refer to the act of intentionally directing intelligence collection at a particular person, a group, or organization.

It’s a noun, it’s a verb, it’s pretty much anything the NSA wants it to be, as Marcy Wheeler explains:

Except that it doesn’t admit that, at least in the past, sometimes target means “the switch we know lots of al Qaeda calls to use.” Meaning the term “target” is a misnomer even within the context they lay out.

There’s still nothing “targeted” about the NSA’s supposedly targeted collections. The collection comes first and the targeting comes later — sometimes using pre-determined selectors and other times by splashing around in the data until something presents itself. What the NSA means by “target” is nothing more than a term deployed to gain access to massive amounts of communications and data, all under the theory that it’s somehow “relevant” to its counter-terrorism work.

The new report is a step towards transparency, but it’s a very calculated move that throws out a few vague numbers while withholding anything that could put them into context. In this sense, it follows the administration’s idea of transparency: nothing that goes deeper than the surface.

Filed Under: james clapper, nsa, odni, section 702, surveillance, targets, transparency report

DOJ Still Trying To Hide The Fact It Flat Out Lied To The Supreme Court About Domestic Surveillance

from the because-terrorism dept

Last year, we noted that US Solicitor General Donald Verrilli had lied to the Supreme Court in Amnesty International’s lawsuit about warrantless wiretapping. If you don’t recall, Amnesty International had sued about the program, but the US government successfully got the case tossed by arguing that Amnesty International had no proof that their communications were tapped, and thus they had no standing to sue. The Supreme Court appeared troubled by the fact that no one could sue unless they somehow knew for a fact they were being spied upon, but eventually sided with the government, in large part because of one of Verrilli’s false statements.

Specifically, he claimed that others would have standing to sue, because if the government used the information obtained via such a warrantless wiretap (under Section 702 of the FISA Amendments Act) it would have to inform those who were being charged with a crime because of that information. It was only much later, when Dianne Feinstein was bragging about how effective Section 702 was in stopping “terrorists” (during a Senate debate on renewing the FISA Amendments Act) that it became clear that Verrilli had made false claims to the Supreme Court. Because in her bragging, she mentioned some specific cases that she said made use of Section 702 — and the lawyers for the defendants in those cases quickly realized that they were never informed about that.

To his credit, Verrilli himself not only claimed that he was misled by national security lawyers, but ordered that the practice be changed, and some defendants have since been informed.

Of course, to some, that has been too little too late. Back in November, we noted that Senators Mark Udall, Ron Wyden and Martin Heinrich pointed out a second false statement that Verrilli made to the Supreme Court in the same case. Specifically, the DOJ and Verrilli told the court that the NSA would have to have “targeted the communications” of someone that Amnesty was talking to, and that it was “highly speculative” for Amnesty to assume that was true. But, as the Senators pointed out, it was later declassified that the 702 program was not just about collecting the communications to or from “targeted” individuals, but also any communications about them.

While this may seem like a small deal, it’s actually a very big deal, because it could likely mean that the communications of many Americans were collected without any sort of warrant. It turns out that in December, the DOJ responded, but that response has just been released. In it, the DOJ insists that lying to the Supreme Court concerning the fact that Section 702 allowed for the collection of purely domestic communications without a warrant if they were merely “about” a target (rather than to or from that target) was really no big deal at all and not relevant to the case.

Your letter raises questions regarding the now-declassified “about” collections that have resulted in the acquisition of some wholly domestic communications as a result of Section 702 surveillance and whether the government’s representations in Clapper v. Amnesty International were incomplete or misleading for failing to refer to such collections. The government acted appropriately by not addressing the “about” collections in Clapper v. Amnesty International because the existence of this type of collection was classified throughout the period during which the case was briefed, argued, and decided, and because those collections did not bear upon the legal issues in the case. At all times, the Department and the Office of the Solicitor General have a duty of candor in our representations to the Supreme Court, and it is a duty we take extremely seriously. The Department and the Office of the Solicitor General also have a duty to respect the classified status of information, and that is also a duty we take extremely seriously. In litigation, we must take pains to avoid discussing matters that are unnecessary to the resolution of matters before the Court when those matters might disclose classified information or undermine national security, while ensuring that the Court has all of the information relevant to deciding the issues before it.

The Department’s briefing and argument in Clapper v. Amnesty International fully respected both of these duties. The Department described the surveillance authorized by Section 702 (and the provision’s targeting and minimization requirements) accurately, and we made no statements that could be reasonably understood as denying the existence of “about” collection. Moreover, the possibility of then-classified, incidental collection of domestic communications, while of undoubted importance and interest to the public, was not material to the legal issue before the Supreme Court.

Wyden and Udall have now responded to the DOJ’s letter and, not surprisingly, they’re still very troubled by the DOJ providing false and misleading information to the Supreme Court in a key case challenging the NSA’s surveillance under the FISA Amendments Act. First, the Senators note that, contrary to the DOJ’s claims, both the briefings before the Supreme Court and the oral arguments included statements which actively misled the Court into believing Section 702 only applied to communications to or from a target — and that clearly was not true.

More importantly, they note that, contrary to the DOJ’s claims, it’s pretty clear that this very much mattered as a part of the Supreme Court’s reasoning:

The Justice Department’s reply also states that the “about” collection “did not bear upon the legal issues in this case.” But in fact these misleading statements about the limits of section 702 surveillance appear to have informed the Supreme Court’s analysis. In writing for the majority, Justice Alito echoed your statements to the Court by stating that the “respondents’ theory necessarily rests on their assertion that the Government will target other individuals — namely their foreign contacts.” This statement, like your statements, appears to foreclose the possibility of “about” collection.

We recognize that the inclusion of this misleading statement in the Court’s analysis does not prove that the Court would have ruled differently if it had been given a fuller set of facts. Indeed, it is entirely possible that the Court would have ruled in exactly the same way. But while the Justice Department may claim that the Amnesty plaintiffs’ arguments would have been “equally speculative” if they had referenced the “about” collection, that should be a determination for the courts, and not the Justice Department, to make.

While this seems like a technical issue, it’s a huge deal. Effectively, the DOJ and Solicitor General Verrilli — whether on purpose or not — misled the Supreme Court on two key aspects of the 702 collection program, and it appears that the Supreme Court relied, in part, on both of those misleading statements in coming to its decision. The fact that the DOJ still appears rather unconcerned about how its misrepresentations may have impacted the courts is immensely troubling, not just because it may have resulted in an illegal and unconstitutional surveillance program continuing for many extra years, but also because it highlights the mendacity of the DOJ in trying to win cases at all costs, rather than actually trying to make sure the law is applied appropriately.

As the new letter from Udall and Wyden concludes:

As we have noted elsewhere, we are concerned that the executive branch’s decade-long reliance on a secret body of surveillance law has given rise to a culture of misinformation, and led senior officials to repeatedly make misleading statements to the public, Congress and the courts about domestic surveillance. The way to end this culture of misinformation and restore the public trust is to acknowledge and correct inaccurate statements when they are made, and not seek to ignore or justify them.

It’s unfortunate that it appears that so few in Congress are up in arms over this. The executive branch purposely misleading the judicial branch over constitutional issues is a very big deal, and most in Congress don’t seem to want to have anything to do with it.

Filed Under: doj, donald verrilli, faa, fisa amendments act, mark udall, ron wyden, section 702, supreme court, surveillance, targets
Companies: amnesty international

List Of Targets FBI Supposedly Asked Jeremy Hammond To Crack Revealed

from the that-didn't-take-long dept

On Friday, we wrote about Jeremy Hammond’s 10-year prison sentence, mentioning that the judge had required part of Hammond’s statement be redacted from any reports as his discussion of the list of targets he was asked to hack by FBI informant Sabu (Hector Xavier Monsegur) was considered classified. Of course, it will come as little surprise that the unredacted/uncensored text of his original statement is alleged to have leaked soon after the sentencing. Someone posted it to Pastebin. While it’s entirely possible that this is fake, there are at least some indications that it’s accurate.

Sabu also supplied lists of targets that were vulnerable to “zero day exploits” used to break into systems, including a powerful remote root vulnerability affecting the popular Plesk software. At his request, these websites were broken into, their emails and databases were uploaded to Sabu’s FBI server, and the password information and the location of root backdoors were supplied. These intrusions took place in January/February of 2012 and affected over 2000 domains, including numerous foreign government websites in Brazil, Turkey, Syria, Puerto Rico, Colombia, Nigeria, Iran, Slovenia, Greece, Pakistan, and others. A few of the compromised websites that I recollect include the official website of the Governor of Puerto Rico, the Internal Affairs Division of the Military Police of Brazil, the Official Website of the Crown Prince of Kuwait, the Tax Department of Turkey, the Iranian Academic Center for Education and Cultural Research, the Polish Embassy in the UK, and the Ministry of Electricity of Iraq.

Sabu also infiltrated a group of hackers that had access to hundreds of Syrian systems including government institutions, banks, and ISPs. He logged several relevant IRC channels persistently asking for live access to mail systems and bank transfer details. The FBI took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems, undoubtedly supplying useful intelligence to the military and their buildup for war.

All of this happened under the control and supervision of the FBI and can be easily confirmed by chat logs the government provided to us pursuant to the government’s discovery obligations in the case against me. However, the full extent of the FBI’s abuses remains hidden. Because I pled guilty, I do not have access to many documents that might have been provided to me in advance of trial, such as Sabu’s communications with the FBI. In addition, the majority of the documents provided to me are under a “protective order” which insulates this material from public scrutiny. As government transparency is an issue at the heart of my case, I ask that this evidence be made public. I believe the documents will show that the government’s actions go way beyond catching hackers and stopping computer crimes.

Again, while Hammond is responsible for actually carrying out the activity of breaking into these sites, it still seems incredibly questionable that the targets may have been suggested by the FBI, which basically got to take advantage of Hammond’s activities and then, when that wasn’t useful any more, to throw him in jail for a decade.

Filed Under: cfaa, fbi, hacking, hector monsegur, jeremy hammond, sabu, targets

NSA Official Admits Agency's Surveillance Covers Even More People Than Previously Indicated

from the today,-most-the-world;-tomorrow,-the-world! dept

The hits just keep on coming. Each new leak or revelation fills in more details on the audacious breadth of the NSA’s surveillance activities. Previous statements from intelligence agencies declared that surveillance efforts covered only “two hops” from suspected terrorists. This meant that the agencies watched who these suspects communicated with (the first hop) and who those people communicated with (the second hop).

The two-hop limit is still broad enough to drop the surveillance dragnet over thousands of people who weren’t specifically targeted. It’s a perverse form of “guilt by association” that opens up people twice removed from the original targets to further surveillance efforts.

Now, it has come to light that these agencies go even further.

Chris Inglis, the agency’s deputy director, was one of several government representatives—including from the FBI and the office of the Director of National Intelligence—testifying before the House Judiciary Committee this morning. Most of the testimony largely echoed previous testimony by the agencies on the topic of the government’s surveillance, including a retread of the same offered examples for how the Patriot Act and Foreign Intelligence Surveillance Act had stopped terror events.

But Inglis’ statement was new. Analysts look “two or three hops” from terror suspects when evaluating terror activity, Inglis revealed.

This third “hop,” delivered as an “aside” during testimony, effectively throws a dragnet over a majority of the world’s population.

For a sense of scale, researchers at the University of Milan found in 2011 that everyone on the Internet was, on average, 4.74 steps away from anyone else.

In addition to marveling at the fact that these agencies apparently see nothing wrong with tracking millions of non-terrorists, one has to wonder what they sought to gain by clouding their own “search results” with millions of useless data points. This certainly falls under the NSA mantra of “collect it all,” an attitude that indicates the agency collects this info because it can, not because it needs it. This also provides it with a way to “target” American citizens without actually targeting them, something that would run afoul of Section 702. Each additional “hop” exponentially increases the chance of including American citizens.

It also calls into (further) question claims that harvesting vast amounts of data is preventing terrorist attacks and making our country safer. Trolling a sea of data looking for bites isn’t an effective way to fight anything, much less terrorism, something that is nebulous in both definition and aim. Asking the database “questions” and “connecting the dots” is significantly more difficult when the database is filled with tons of useless info and the number of “dots” has increased exponentially.
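The growth per hop described above, as an added illustration that is not from the original post or from any agency's tooling: a breadth-first search over a constructed contact graph, counting how many people are first reached at each hop from a single target. The population size, the number of contacts per person, and all function names are assumptions chosen for the example.

```python
import random

def build_contact_graph(people, calls_per_person, seed=1):
    """Constructed data: every person contacts a few pseudo-random others."""
    rng = random.Random(seed)
    graph = {p: set() for p in range(people)}
    for p in range(people):
        for _ in range(calls_per_person):
            q = int(rng.random() * people)
            if q != p:
                graph[p].add(q)
                graph[q].add(p)  # one call links both parties
    return graph

def new_people_per_hop(graph, target, max_hops):
    """Breadth-first search from one target.

    Returns a list whose entry h is the number of people first reached
    at hop h (entry 0 is the target itself).
    """
    seen = {target}
    frontier = [target]
    counts = [1]
    for _ in range(max_hops):
        next_frontier = []
        for person in frontier:
            for contact in graph[person]:
                if contact not in seen:
                    seen.add(contact)
                    next_frontier.append(contact)
        counts.append(len(next_frontier))
        frontier = next_frontier
    return counts

def cumulative_share(counts, population):
    """Fraction of the population swept in after each hop."""
    shares, total = [], 0
    for c in counts:
        total += c
        shares.append(total / population)
    return shares

if __name__ == "__main__":
    POPULATION = 20_000     # assumption: size of the constructed population
    CALLS_PER_PERSON = 10   # assumption: contacts each person initiates
    graph = build_contact_graph(POPULATION, CALLS_PER_PERSON)
    counts = new_people_per_hop(graph, target=0, max_hops=3)
    shares = cumulative_share(counts, POPULATION)
    for hop, (n, share) in enumerate(zip(counts, shares)):
        print(f"hop {hop}: {n:6d} newly reached, {share:6.1%} of population so far")
```

Each hop multiplies the newly reached group by roughly the average number of contacts until the graph starts to saturate, which is why the step from two hops to three takes in far more people than the first two hops combined.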

Inglis failed to explain why this additional hop was necessary, but that sort of casual omission may not be an option much longer. It looks as if these hearings are turning much more adversarial. A few legislators fired off some choice words in the direction of Inglis and the agency.

Ranking Minority Member John Conyers (MI): “You’ve already violated the law in my opinion.”

Rep. Jerry Nadler (NY): “I believe it’s totally unprecedented and goes way beyond the statute.”

Rep. Ted Poe (TX): “Do you see a national security exemption in the Fourth Amendment? … We’ve abused the concept of rights in the name of national security.”

It’s heartening to see a few representatives stepping up to declare the NSA’s actions reprehensible. Unfortunately, this conversation should have occurred a long time ago. What’s been revealed is likely the tip of the iceberg, and while the agencies haven’t been truthful with their overseers in Congress, the fact is that there were several opportunities for legislators to curb the overreach of the NSA and other intelligence agencies.

What’s even more disappointing is that the current administration has made very few critical statements of these agencies and their policies, preferring to make small noises about “balance” and “debate.” It, too, had an opportunity to roll this back, but instead chose to extend and expand the policies put in place by the previous administration.

The NSA is currently two “hops” away from effectively surveilling the entire world — and that’s only if we believe its latest claim. The NSA didn’t get to this point alone. It had plenty of help, some tacit and some active, in its steady march towards omniscience.

Filed Under: nsa, nsa surveillance, surveillance, targets, three hops