Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged NSA Procedures

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

NSA shares raw intelligence including Americans' data with Israel | World news | The Gu... - 0 views

www.theguardian.com/...personal-data-israel-documents

security state NSA FISA Court Israel Unit-8200 NSA-records Obama lies

shared by Paul Merrell on 19 Sep 13 - No Cached
  • The National Security Agency routinely shares raw intelligence data with Israel without first sifting it to remove information about US citizens, a top-secret document provided to the Guardian by whistleblower Edward Snowden reveals.Details of the intelligence-sharing agreement are laid out in a memorandum of understanding between the NSA and its Israeli counterpart that shows the US government handed over intercepted communications likely to contain phone calls and emails of American citizens. The agreement places no legally binding limits on the use of the data by the Israelis.The disclosure that the NSA agreed to provide raw intelligence data to a foreign country contrasts with assurances from the Obama administration that there are rigorous safeguards to protect the privacy of US citizens caught in the dragnet. The intelligence community calls this process "minimization", but the memorandum makes clear that the information shared with the Israelis would be in its pre-minimized state.
  • The deal was reached in principle in March 2009, according to the undated memorandum, which lays out the ground rules for the intelligence sharing.The five-page memorandum, termed an agreement between the US and Israeli intelligence agencies "pertaining to the protection of US persons", repeatedly stresses the constitutional rights of Americans to privacy and the need for Israeli intelligence staff to respect these rights.But this is undermined by the disclosure that Israel is allowed to receive "raw Sigint" – signal intelligence. The memorandum says: "Raw Sigint includes, but is not limited to, unevaluated and unminimized transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadata and content."According to the agreement, the intelligence being shared would not be filtered in advance by NSA analysts to remove US communications. "NSA routinely sends ISNU [the Israeli Sigint National Unit] minimized and unminimized raw collection", it says.
  • In a statement to the Guardian, an NSA spokesperson did not deny that personal data about Americans was included in raw intelligence data shared with the Israelis. But the agency insisted that the shared intelligence complied with all rules governing privacy."Any US person information that is acquired as a result of NSA's surveillance activities is handled under procedures that are designed to protect privacy rights," the spokesperson said.The NSA declined to answer specific questions about the agreement, including whether permission had been sought from the Foreign Intelligence Surveillance (Fisa) court for handing over such material.
  • ...3 more annotations...
  • While NSA documents tout the mutually beneficial relationship of Sigint sharing, another report, marked top secret and dated September 2007, states that the relationship, while central to US strategy, has become overwhelmingly one-sided in favor of Israel."Balancing the Sigint exchange equally between US and Israeli needs has been a constant challenge," states the report, titled 'History of the US – Israel Sigint Relationship, Post-1992'. "In the last decade, it arguably tilted heavily in favor of Israeli security concerns. 9/11 came, and went, with NSA's only true Third Party [counter-terrorism] relationship being driven almost totally by the needs of the partner."
  • In another top-secret document seen by the Guardian, dated 2008, a senior NSA official points out that Israel aggressively spies on the US. "On the one hand, the Israelis are extraordinarily good Sigint partners for us, but on the other, they target us to learn our positions on Middle East problems," the official says. "A NIE [National Intelligence Estimate] ranked them as the third most aggressive intelligence service against the US."Later in the document, the official is quoted as saying: "One of NSA's biggest threats is actually from friendly intelligence services, like Israel. There are parameters on what NSA shares with them, but the exchange is so robust, we sometimes share more than we intended."
  • The Guardian asked the Obama administration how many times US data had been found in the raw intelligence, either by the Israelis or when the NSA reviewed a sample of the files, but officials declined to provide this information. Nor would they disclose how many other countries the NSA shared raw data with, or whether the Fisa court, which is meant to oversee NSA surveillance programs and the procedures to handle US information, had signed off the agreement with Israel.In its statement, the NSA said: "We are not going to comment on any specific information sharing arrangements, or the authority under which any such information is collected. The fact that intelligence services work together under specific and regulated conditions mutually strengthens the security of both nations."NSA cannot, however, use these relationships to circumvent US legal restrictions. Whenever we share intelligence information, we comply with all applicable rules, including the rules to protect US person information."
Paul Merrell

Fisa court oversight: a look inside a secret and empty process | Glenn Greenwald | Comm... - 0 views

www.guardian.co.uk/...ourt-oversight-process-secrecy

surveillance state NSA lies FISA FISA Court Obama procedures must-read

shared by Paul Merrell on 21 Jun 13 - No Cached
  • Since we began began publishing stories about the NSA's massive domestic spying apparatus, various NSA defenders – beginning with President Obama - have sought to assure the public that this is all done under robust judicial oversight. "When it comes to telephone calls, nobody is listening to your telephone calls," he proclaimed on June 7 when responding to our story about the bulk collection of telephone records, adding that the program is "fully overseen" by "the Fisa court, a court specially put together to evaluate classified programs to make sure that the executive branch, or government generally, is not abusing them". Obama told Charlie Rose last night:"What I can say unequivocally is that if you are a US person, the NSA cannot listen to your telephone calls … by law and by rule, and unless they … go to a court, and obtain a warrant, and seek probable cause, the same way it's always been, the same way when we were growing up and we were watching movies, you want to go set up a wiretap, you got to go to a judge, show probable cause."The GOP chairman of the House Intelligence Committee, Mike Rogers, told CNN that the NSA "is not listening to Americans' phone calls. If it did, it is illegal. It is breaking the law." Talking points issued by the House GOP in defense of the NSA claimed that surveillance law only "allows the Government to acquire foreign intelligence information concerning non-U.S.-persons (foreign, non-Americans) located outside the United States."
  • The NSA's media defenders have similarly stressed that the NSA's eavesdropping and internet snooping requires warrants when it involves Americans. The Washington Post's Charles Lane told his readers: "the government needs a court-issued warrant, based on probable cause, to listen in on phone calls." The Post's David Ignatius told Post readers that NSA internet surveillance "is overseen by judges who sit on the Foreign Intelligence Surveillance Court" and is "lawful and controlled". Tom Friedman told New York Times readers that before NSA analysts can invade the content of calls and emails, they "have to go to a judge to get a warrant to actually look at the content under guidelines set by Congress."This has become the most common theme for those defending NSA surveillance. But these claim are highly misleading, and in some cases outright false.
  • The decisions about who has their emails and telephone calls intercepted by the NSA is made by the NSA itself, not by the Fisa court, except where the NSA itself concludes the person is a US citizen and/or the communication is exclusively domestic. But even in such cases, the NSA often ends up intercepting those communications of Americans without individualized warrants, and all of this is left to the discretion of the NSA analysts with no real judicial oversight.
  • ...1 more annotation...
  • What is vital to recognize is that the NSA is collecting and storing staggering sums of communications every day. Back in 2010, the Washington Post reported that "every day, collection systems at the National Security Agency intercept and store 1.7 billion e-mails, phone calls and other types of communications." Documents published by the Guardian last week detail that, in March 2013, the NSA collected three billions of pieces of intelligence just from US communications networks alone.In sum, the NSA is vacuuming up enormous amounts of communications involving ordinary Americans and people around the world who are guilty of nothing. There are some legal constraints governing their power to examine the content of those communications, but there are no technical limits on the ability either of the agency or its analysts to do so. The fact that there is so little external oversight is what makes this sweeping, suspicion-less surveillance system so dangerous. It's also what makes the assurances from government officials and their media allies so dubious.
  • Paul Merrell on 21 Jun 13
     
    Glenn Greenwald strikes again with hard proof from NSA documents, dissecting procedures used throughout the intelligence establishment from the NSA to the President to Congress, casting severe doubt on what we have been told by those defending the NSA surveillance program. I have highlighted only a few points from this lengthy article. As to Greenwald's discussion of the FISA Court's weaknesses, he omitted one that I believe is incredibly, the lack of an adversarial system with a lawyer opposing what the government asks the Court to authorize. True, search warrants are normally issued in the U.S. with only the government represented in the process. But there is a crucial difference: once someone is charged with a crime, the warrant must be disclosed to the defendant who can ask the court to suppress all evidence unlawfully obtained not only through the warrant but also the fruits of any unlawfully obtained evidence, meaning subsequently discovered evidence that would not have been found absent the unlawfully obtained evidence. The same result can happen if the warrant is found to be invalid for any of a variety of reasons, or the officers exceeded the scope of the search authorized.  So in the normal search warrant process, the participation of an adversary attorney is only delayed; it is not virtually eliminated as it is in the FISA Court. Thus far, only those ordered to disclose records to the NSA have been granted standing to oppose disclosure, not those who have been surveilled. The entire U.S. judicial system is built around the principle of an adversarial process. Judges are expected to be neutral arbiters between two or more sides to a dispute. We do not have an inquisitorial system, as is used for example in some European nations, where the judge is also the investigator. The FISA court is presently composed of 11 federal district court judges who also preside over normal cases in their individual districts. Steeped in the adversarial system and th
Paul Merrell

Reassured by NSA's Internal Procedures? Don't Be. They Still Don't Tell the Whole Story... - 0 views

www.eff.org/...nd-unconstitutional-fisa-court

surveillance state NSA lies FISA Court constitutional law

shared by Paul Merrell on 22 Jun 13 - No Cached
  • Yesterday, the Guardian released two previously-classified documents describing the internal "minimization" and "targeting" procedures used by the NSA to conduct surveillance under Section 702. These procedures are approved by the Foreign Intelligence Surveillance Court (FISC) on an annual basis and are supposed to serve as the bulwark between the NSA's vast surveillance capabilities and the private communications of Americans. As we noted earlier today, the procedures, themselves, aren't reassuring: far too much discretion is retained by NSA analysts, the procedures frequently resolve doubt in favor of collection, and information is obtained that could otherwise never be obtained without a warrant. Which would be bad enough, if it were the end of the story. But it's not.
  • Unless the government substantially changed the procedures between August 2010 and October 2011, these are the very procedures that the FISC eventually found resulted in illegal and unconstitutional surveillance. In October 2011, the FISC issued an 86-page opinion finding that collection carried out under the NSA's classified minimization procedures was unconstitutional. The opinion remains secret, but it is very likely that yesterday's leaked NSA documents show the very minimization procedures the Director of National Intelligence admitted the FISC had found resulted in surveillance that was “unreasonable under the Fourth Amendment" and "circumvented the spirit of the law." And for good reason: the procedures are unconstitutional. They allow for the government to obtain and keep huge amounts of information it could never Constitutionally get without a warrant based on probable cause. As we explained, the procedures are designed such that the NSA will routinely fail to exclude or remove United States persons' communications, and the removal of those communications are wholly entrusted to the "reasonable discretion" of an analyst.  
  • Yesterday, the Guardian released two previously-classified documents describing the internal "minimization" and "targeting" procedures used by the NSA to conduct surveillance under Section 702. These procedures are approved by the Foreign Intelligence Surveillance Court (FISC) on an annual basis and are supposed to serve as the bulwark between the NSA's vast surveillance capabilities and the private communications of Americans. As we noted earlier today, the procedures, themselves, aren't reassuring: far too much discretion is retained by NSA analysts, the procedures frequently resolve doubt in favor of collection, and information is obtained that could otherwise never be obtained without a warrant. Which would be bad enough, if it were the end of the story. But it's not. The targeting and minimization documents released yesterday are dated a few months after the first publicly known scandal over the new FAA procedures: In April 2009, the New York Times reported that Section 702 surveillance had “intercepted the private e-mail messages and phone calls of Americans . . . on a scale that went beyond the broad legal limits established by Congress." In June 2009, the Times reported that members of Congress were saying NSA's "recent intercepts of the private telephone calls and e-mail messages of Americans are broader than previously acknowledged." Rep. Rush Holt described the problems as "so flagrant that they can't be accidental."
  • ...2 more annotations...
  • Presumably, following these "flagrant" abuses (and likely in response to the Congressional criticism of the original procedures), the government refined the procedures. The documents released yesterday are the "improved" targeting and minimization procedures, which appear to have been reused the following year, in 2010, in the FISC's annual certification. But these amended procedures still didn't stop illegal spying under Section 702. Unless the government substantially changed the procedures between August 2010 and October 2011, these are the mimization rules that the FISC eventually found to result in illegal and unconstitutional surveillance. In October 2011, the FISC issued an 86-page opinion finding that collection carried out under the NSA's minimization procedures was unconstitutional. The opinion remains secret, but it is likely that yesterday's leaked NSA documents show the very procedures the Director of National Intelligence admitted had been found to result in surveillance that was “unreasonable under the Fourth Amendment" and "circumvented the spirit of the law." And for good reason: the procedures are unconstitutional.
  • EFF has been litigating to uncover this critical FISC opinion through the Freedom of Information Act and to uncover the "secret law" the government has been hiding from the American public. And EFF isn't alone in fighting for the release of these documents. A bipartisan coalition of Senators just announced legislation that would require the Attorney General to declassify significant FISC opinions, a move they say would help put an end to precisely this kind of "secret law."
Paul Merrell

NSA can eavesdrop on Americans' phone calls, documents show | Politics and Law - CNET News - 0 views

news.cnet.com/...ans-phone-calls-documents-show

surveillance state NSA Clapper lies must-read

shared by Paul Merrell on 17 Aug 13 - No Cached
  • The National Security Agency has been secretly granted legal authority to operate a massive domestic eavesdropping system that vacuums up Americans' phone calls and Internet communications, newly leaked documents show. A pair of classified government documents (No. 1 and No. 2) signed by Attorney General Eric Holder and posted by the Guardian on Thursday show that NSA analysts are able to listen to Americans' intercepted phone calls without asking a judge for a warrant first. That appears to be at odds with what President Obama said earlier this week in defense of the NSA's surveillance efforts. "I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls and the NSA cannot target your e-mails," Obama said. The new documents indicate, however, that NSA, CIA, and FBI analysts are granted broad access to data vacuumed up by the world's most powerful intelligence agency -- but are supposed to follow certain "targeting" and "minimization" procedures to limit the number of Americans who become individual targets of warrantless surveillance.
  • Analysts are expected to exercise "reasonable judgment" in determining which data to use, according to the documents, and "inadvertently acquired communications of or concerning a United States person may be retained no longer than five years." The documents also refer to "content repositories" that contain records of devices' "previous Internet activity," and say the NSA keeps records of Americans' "electronic communications accounts/addresses/identifiers" in an apparent effort to avoid targeting them in future eavesdropping efforts. The Holder procedures were blessed in advance by the secret Foreign Intelligence Surveillance Court, the Guardian reported, meaning that the judges would have issued a general order that authorizes the NSA to engage in warrantless surveillance as long as it's primarily aimed at foreign targets, subject to some limited judicial oversight. Today's disclosure jibes with what Edward Snowden, the former NSA contractor who leaked top-secret documents, alleged in an online chat earlier this week. Snowden said, referring to the contents of e-mail and phone calls, that "Americans' communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant."
  • On Sunday, Director of National Intelligence James Clapper released a carefully-worded statement in response to a CNET article and other reports questioning when intelligence analysts can listen to domestic phone calls. Clapper said: "The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress." Clapper's statement was viewed as a denial, but it wasn't. Today's disclosures reveal why: Because the Justice Department granted intelligence analysts "proper legal authorization" in advance through the Holder regulations. "The DNI has a history of playing games with wording, using terms with carefully obscured meanings to leave an impression different from the truth," Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation who has litigated domestic surveillance cases, told CNET earlier this week.
  • ...3 more annotations...
  • Jameel Jaffer, the American Civil Liberties Union's deputy legal director, said in a statement today that: After Congress enacted the FISA Amendments Act in 2008, we worried that the NSA would use the new authority to conduct warrantless surveillance of Americans' telephone calls and emails. These documents confirm many of our worst fears. The "targeting" procedures indicate that the NSA is engaged in broad surveillance of Americans' international communications. The "minimization" procedures that supposedly protect Americans' constitutional rights turn out to be far weaker than we imagined they could be. For example, the NSA claims the authority to collect and disseminate attorney-client communications -- and even, in some circumstances, to turn them over to Justice Department prosecutors. The government also claims the authority to retain Americans' purely domestic communications in certain situations.
  • The documents suggest there are some significant loopholes in domestic surveillance: if an NSA analyst reviews an intercepted communication and finds "evidence of a crime that has been, is being, or is about to be committed," it can be forwarded to the FBI or other federal law enforcement agencies. Another loophole is "a serious harm to life or property" -- which could sweep in intellectual property -- and "enciphered" data. Communications that contain "enciphered" data, which would likely include PGP but also could mean encrypted Web connections using SSL, may be kept indefinitely. Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls -- in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established "listening posts" that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, "whether they originate within the country or overseas." That includes not just metadata, but also the contents of the communications.
  • Section 702 of the FAA says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court, as long as minimization requirements and general procedures blessed by the court are followed.
Paul Merrell

The Latest Rules on How Long NSA Can Keep Americans' Encrypted Data Look Too Familiar |... - 0 views

justsecurity.org/...s-hold-encrypted-data-familiar

surveillance state NSA IAA-2015 Sect-309 legislation

shared by Paul Merrell on 26 Jan 15 - No Cached
  • Does the National Security Agency (NSA) have the authority to collect and keep all encrypted Internet traffic for as long as is necessary to decrypt that traffic? That was a question first raised in June 2013, after the minimization procedures governing telephone and Internet records collected under Section 702 of the Foreign Intelligence Surveillance Act were disclosed by Edward Snowden. The issue quickly receded into the background, however, as the world struggled to keep up with the deluge of surveillance disclosures. The Intelligence Authorization Act of 2015, which passed Congress this last December, should bring the question back to the fore. It established retention guidelines for communications collected under Executive Order 12333 and included an exception that allows NSA to keep ‘incidentally’ collected encrypted communications for an indefinite period of time. This creates a massive loophole in the guidelines. NSA’s retention of encrypted communications deserves further consideration today, now that these retention guidelines have been written into law. It has become increasingly clear over the last year that surveillance reform will be driven by technological change—specifically by the growing use of encryption technologies. Therefore, any legislation touching on encryption should receive close scrutiny.
  • Section 309 of the intel authorization bill describes “procedures for the retention of incidentally acquired communications.” It establishes retention guidelines for surveillance programs that are “reasonably anticipated to result in the acquisition of [telephone or electronic communications] to or from a United States person.” Communications to or from a United States person are ‘incidentally’ collected because the U.S. person is not the actual target of the collection. Section 309 states that these incidentally collected communications must be deleted after five years unless they meet a number of exceptions. One of these exceptions is that “the communication is enciphered or reasonably believed to have a secret meaning.” This exception appears to be directly lifted from NSA’s minimization procedures for data collected under Section 702 of FISA, which were declassified in 2013. 
  • While Section 309 specifically applies to collection taking place under E.O. 12333, not FISA, several of the exceptions described in Section 309 closely match exceptions in the FISA minimization procedures. That includes the exception for “enciphered” communications. Those minimization procedures almost certainly served as a model for these retention guidelines and will likely shape how this new language is interpreted by the Executive Branch. Section 309 also asks the heads of each relevant member of the intelligence community to develop procedures to ensure compliance with new retention requirements. I expect those procedures to look a lot like the FISA minimization guidelines.
  • ...6 more annotations...
  • This language is broad, circular, and technically incoherent, so it takes some effort to parse appropriately. When the minimization procedures were disclosed in 2013, this language was interpreted by outside commentators to mean that NSA may keep all encrypted data that has been incidentally collected under Section 702 for at least as long as is necessary to decrypt that data. Is this the correct interpretation? I think so. It is important to realize that the language above isn’t just broad. It seems purposefully broad. The part regarding relevance seems to mirror the rationale NSA has used to justify its bulk phone records collection program. Under that program, all phone records were relevant because some of those records could be valuable to terrorism investigations and (allegedly) it isn’t possible to collect only those valuable records. This is the “to find a needle a haystack, you first have to have the haystack” argument. The same argument could be applied to encrypted data and might be at play here.
  • This exception doesn’t just apply to encrypted data that might be relevant to a current foreign intelligence investigation. It also applies to cases in which the encrypted data is likely to become relevant to a future intelligence requirement. This is some remarkably generous language. It seems one could justify keeping any type of encrypted data under this exception. Upon close reading, it is difficult to avoid the conclusion that these procedures were written carefully to allow NSA to collect and keep a broad category of encrypted data under the rationale that this data might contain the communications of NSA targets and that it might be decrypted in the future. If NSA isn’t doing this today, then whoever wrote these minimization procedures wanted to at least ensure that NSA has the authority to do this tomorrow.
  • There are a few additional observations that are worth making regarding these nominally new retention guidelines and Section 702 collection. First, the concept of incidental collection as it has typically been used makes very little sense when applied to encrypted data. The way that NSA’s Section 702 upstream “about” collection is understood to work is that technology installed on the network does some sort of pattern match on Internet traffic; say that an NSA target uses example@gmail.com to communicate. NSA would then search content of emails for references to example@gmail.com. This could notionally result in a lot of incidental collection of U.S. persons’ communications whenever the email that references example@gmail.com is somehow mixed together with emails that have nothing to do with the target. This type of incidental collection isn’t possible when the data is encrypted because it won’t be possible to search and find example@gmail.com in the body of an email. Instead, example@gmail.com will have been turned into some alternative, indecipherable string of bits on the network. Incidental collection shouldn’t occur because the pattern match can’t occur in the first place. This demonstrates that, when communications are encrypted, it will be much harder for NSA to search Internet traffic for a unique ID associated with a specific target.
  • This lends further credence to the conclusion above: rather than doing targeted collection against specific individuals, NSA is collecting, or plans to collect, a broad class of data that is encrypted. For example, NSA might collect all PGP encrypted emails or all Tor traffic. In those cases, NSA could search Internet traffic for patterns associated with specific types of communications, rather than specific individuals’ communications. This would technically meet the definition of incidental collection because such activity would result in the collection of communications of U.S. persons who aren’t the actual targets of surveillance. Collection of all Tor traffic would entail a lot of this “incidental” collection because the communications of NSA targets would be mixed with the communications of a large number of non-target U.S. persons. However, this “incidental” collection is inconsistent with how the term is typically used, which is to refer to over-collection resulting from targeted surveillance programs. If NSA were collecting all Tor traffic, that activity wouldn’t actually be targeted, and so any resulting over-collection wouldn’t actually be incidental. Moreover, greater use of encryption by the general public would result in an ever-growing amount of this type of incidental collection.
  • This type of collection would also be inconsistent with representations of Section 702 upstream collection that have been made to the public and to Congress. Intelligence officials have repeatedly suggested that search terms used as part of this program have a high degree of specificity. They have also argued that the program is an example of targeted rather than bulk collection. ODNI General Counsel Robert Litt, in a March 2014 meeting before the Privacy and Civil Liberties Oversight Board, stated that “there is either a misconception or a mischaracterization commonly repeated that Section 702 is a form of bulk collection. It is not bulk collection. It is targeted collection based on selectors such as telephone numbers or email addresses where there’s reason to believe that the selector is relevant to a foreign intelligence purpose.” The collection of Internet traffic based on patterns associated with types of communications would be bulk collection; more akin to NSA’s collection of phone records en mass than it is to targeted collection focused on specific individuals. Moreover, this type of collection would certainly fall within the definition of bulk collection provided just last week by the National Academy of Sciences: “collection in which a significant portion of the retained data pertains to identifiers that are not targets at the time of collection.”
  • The Section 702 minimization procedures, which will serve as a template for any new retention guidelines established for E.O. 12333 collection, create a large loophole for encrypted communications. With everything from email to Internet browsing to real-time communications moving to encrypted formats, an ever-growing amount of Internet traffic will fall within this loophole.
  • Paul Merrell on 26 Jan 15
     
    Tucked into a budget authorization act in December without press notice. Section 309 (the Act is linked from the article) appears to be very broad authority for the NSA to intercept any form of telephone or other electronic information in bulk. There are far more exceptions from the five-year retention limitation than the encrypted information exception. When reading this, keep in mind that the U.S. intelligence community plays semantic games to obfuscate what it does. One of its word plays is that communications are not "collected" until an analyst looks at or listens to partiuclar data, even though the data will be searched to find information countless times before it becomes "collected." That searching was the major basis for a decision by the U.S. District Court in Washington, D.C. that bulk collection of telephone communications was unconstitutional: Under the Fourth Amendment, a "search" or "seizure" requiring a judicial warrant occurs no later than when the information is intercepted. That case is on appeal, has been briefed and argued, and a decision could come any time now. Similar cases are pending in two other courts of appeals. Also, an important definition from the new Intelligence Authorization Act: "(a) DEFINITIONS.-In this section: (1) COVERED COMMUNICATION.-The term ''covered communication'' means any nonpublic telephone or electronic communication acquired without the consent of a person who is a party to the communication, including communications in electronic storage."       
Paul Merrell

Things Barack Obama Doesn't Consider "Abuse" | emptywheel - 0 views

www.emptywheel.net/...ck-obama-doesnt-consider-abuse

surveillance state NSA-abuse Obama

shared by Paul Merrell on 23 May 14 - No Cached
  • President Obama will shortly give a speech in which he’ll make cosmetic changes to the NSA dragnet, but will continue, in many ways, the accessing of personal data from Americans with no probable cause. As part of his cosmetic effort, he will also say there has been no evidence of abuse in these programs. That means he does not consider any of the following abuse: The NSA spied on the porn and phone sex habits of ideological opponents, including those with no significant ties to extremists, and including a US person.
  • According to the NSA in 2009, it had a program similar to Project Minaret — the tracking of anti-war opponents in the 1970s — in which it spied on people in the US in the guise of counterterrorism without approval. We still don’t have details of this abuse. When the NSA got FISC approval for the Internet (2004) and phone (2006) dragnets, NSA did not turn off features of Bush’s illegal program that did not comply with the FISC authorization. These abuses continued until 2009 (one of them, the collection of Internet metadata that qualified as content, continued even after 2004 identification of those abuses). Even after the FISC spent 9 months reining in some of this abuse, the NSA continued to ignore limits on disseminating US person data. Similarly, the NSA and FBI never complied with PATRIOT Act requirements to develop minimization procedures for the Section 215 program (in part, probably, because NSA’s role in the phone dragnet would violate any compliant minimization procedures).
  • The NSA has twice — in 2009 and 2011 — admitted to collecting US person content in the United States in bulk after having done so for years. It tried to claim (and still claims publicly in spite of legal rulings to the contrary) this US person content did not count as intentionally-collected US person content (FISC disagreed both times), and has succeeded in continuing some of it by refusing to count it, so it can claim it doesn’t know it is happening. As recently as spring 2012, 9% of the NSA’s violations involved analysts breaking standard operating procedures they know. NSA doesn’t report these as willful violations, however, because they’ve deemed any rule-breaking in pursuit of “the mission” not to be willful violations. In 2008, Congress passed a law allowing bulk collection of foreign-targeted content in the US, Section 702, to end the NSA’s practice of stealing Internet company data from telecom cables. Yet in spite of having a legal way to acquire such data, the NSA (through GCHQ) continues to steal data from some of the same companies, this time overseas, from their own cables. Arguably this is a violation of Section 702 of FISA.
  • ...1 more annotation...
  • NSA may intentionally collect US person content (including Internet metadata that legally qualifies as content) overseas (it won’t count this data, so we don’t know how systematic it is). If it does, it may be a violation of Section 703 of FISA. Rather than discussing any of these violations, the NSA has waved around a few cases of LOVEINT (most, if not all, of which have not been prosecuted) as part of a successful ploy to distract from much more systemic abuses of its authority, affecting far more Americans. But there has been abuse, even beyond practices (like back door searches) that gut the Fourth Amendment or (like NSA’s approach to encryption) that hurt Americans’ security. President Obama will spend a lot of time saying there have been no abuses. He’s wrong.
  • Paul Merrell on 23 May 14
     
    One I had missed before, Marcy Wheeler's missive just before Obama delivered his speech on the NSA in January 2014, announcing his proposed "reforms."
Paul Merrell

NSA loophole allows warrantless search for US citizens' emails and phone calls | World ... - 0 views

www.theguardian.com/...rrantless-searches-email-calls

surveillance state NSA Wyden FISA-loophole must-read

shared by Paul Merrell on 17 Aug 13 - No Cached
  • The National Security Agency has a secret backdoor into its vast databases under a legal authority enabling it to search for US citizens' email and phone calls without a warrant, according to a top-secret document passed to the Guardian by Edward Snowden.The previously undisclosed rule change allows NSA operatives to hunt for individual Americans' communications using their name or other identifying information. Senator Ron Wyden told the Guardian that the law provides the NSA with a loophole potentially allowing "warrantless searches for the phone calls or emails of law-abiding Americans".The authority, approved in 2011, appears to contrast with repeated assurances from Barack Obama and senior intelligence officials to both Congress and the American public that the privacy of US citizens is protected from the NSA's dragnet surveillance programs.
  • The intelligence data is being gathered under Section 702 of the of the Fisa Amendments Act (FAA), which gives the NSA authority to target without warrant the communications of foreign targets, who must be non-US citizens and outside the US at the point of collection.The communications of Americans in direct contact with foreign targets can also be collected without a warrant, and the intelligence agencies acknowledge that purely domestic communications can also be inadvertently swept into its databases. That process is known as "incidental collection" in surveillance parlance.But this is the first evidence that the NSA has permission to search those databases for specific US individuals' communications.
  • Wyden, an Oregon Democrat on the Senate intelligence committee, has obliquely warned for months that the NSA's retention of Americans' communications incidentally collected and its ability to search through it has been far more extensive than intelligence officials have stated publicly. Speaking this week, Wyden told the Guardian it amounts to a "backdoor search" through Americans' communications data."Section 702 was intended to give the government new authorities to collect the communications of individuals believed to be foreigners outside the US, but the intelligence community has been unable to tell Congress how many Americans have had their communications swept up in that collection," he said."Once Americans' communications are collected, a gap in the law that I call the 'back-door searches loophole' allows the government to potentially go through these communications and conduct warrantless searches for the phone calls or emails of law-abiding Americans."
  • ...2 more annotations...
  • A secret glossary document provided to operatives in the NSA's Special Source Operations division – which runs the Prism program and large-scale cable intercepts through corporate partnerships with technology companies – details an update to the "minimization" procedures that govern how the agency must handle the communications of US persons. That group is defined as both American citizens and foreigners located in the US."While the FAA 702 minimization procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data," the glossary states, "analysts may NOT/NOT [not repeat not] implement any USP [US persons] queries until an effective oversight process has been developed by NSA and agreed to by DOJ/ODNI [Office of the Director of National Intelligence]."The term "identifiers" is NSA jargon for information relating to an individual, such as telephone number, email address, IP address and username as well as their name.The document – which is undated, though metadata suggests this version was last updated in June 2012 – does not say whether the oversight process it mentions has been established or whether any searches against US person names have taken place.
  • Exclusive: Spy agency has secret backdoor permission to search databases for individual Americans' communications
Paul Merrell

Edward Snowden, a year on: reformers frustrated as NSA preserves its power | World news... - 1 views

www.theguardian.com/...e-year-nsa-surveillance-reform

surveillance-state NSA-reform legislation

shared by Paul Merrell on 07 Jun 14 - No Cached
  • For two weeks in May, it looked as though privacy advocates had scored a tenuous victory against the widespread surveillance practices exposed by Edward Snowden a year ago. Then came a resurgent intelligence community, armed with pens, and dry, legislative language.During several protracted sessions in secure rooms in the Capitol, intelligence veterans, often backed by the congressional leadership, sparred with House aides to abridge privacy and transparency provisions contained in the first bill rolling back National Security Agency spying powers in more than three decades. The revisions took place in secret after two congressional committees had passed the bill. The NSA and its allies took creative advantage of a twilight legislative period permitting technical or cosmetic language changes.The episode shows the lengths to which the architects and advocates of bulk surveillance have gone to preserve their authorities in the time since the Guardian, 12 months ago today, began disclosing the scope of NSA data collection. That resistance to change, aided by the power and trust enjoyed by the NSA on Capitol Hill, helps explain why most NSA powers remain intact a year after the largest leak in the agency's histo
  • But exactly one year on, the NSA’s greatest wound so far has been its PR difficulties. The agency, under public pressure, has divested itself of exactly one activity, the bulk collection of US phone data. Yet while the NSA will not itself continue to gather the data directly, the major post-Snowden legislative fix grants the agency wide berth in accessing and searching large volumes of phone records, and even wider latitude in collecting other kinds of data.There are no other mandated reforms.
  • The Freedom Act ultimately sped to passage in the House on May 22 by a bipartisan 303-121 vote. NSA advocates who had blasted its earlier version as hazardous to national security dropped their objections – largely because they had no more reason.Accordingly, the compromise language caused civil libertarians and technology groups not just to abandon the Freedom Act that they had long championed, but to question whether it actually banned bulk data collection. The government could acquire call-records data up to two degrees of separation from any "reasonable articulable suspicion" of wrongdoing, potentially representing hundreds or thousands of people on a single judicial order." That was not all.
  • ...4 more annotations...
  • Some NSA critics look to the courts for a fuller tally of their victories in the wake of the Snowden disclosures. Judges have begun to permit defendants to see evidence gathered against them that had its origins in NSA email or call intercepts, which could disrupt prosecutions or invalidate convictions. At least one such defendant, in Colorado, is seeking the exclusion of such evidence, arguing that its use in court is illegal.Still other cases challenging the surveillance efforts have gotten beyond the government’s longtime insistence that accusers cannot prove they were spied upon, as the Snowden trove demonstrated a dragnet that presumptively touched every American’s phone records. This week, an Idaho federal judge implored the supreme court to settle the question of the bulk surveillance's constitutionality."The litigation now is about the merits. It’s about the lawfulness of the surveillance program," said Jameel Jaffer, the ACLU’s deputy legal director.
  • "As the bill stands today, it could still permit the collection of email records from everyone who uses a particular email service," warned a Google legislative action alert after the bill passed the House. In a recent statement, cloud-storage firm Tresorit lamented that "there still has been no real progress in achieving truly effective security for consumer and corporate information."No one familiar with the negotiations alleges the NSA or its allies broke the law by amending the bill during the technical-fix period. But it is unusual for substantive changes to be introduced secretly after a bill has cleared committee and before its open debate by the full Senate or House."It is not out of order, but major changes in substance are rare, and appropriately so," said Norman Ornstein, an expert on congressional procedure at the American Enterprise Institute.Steve Aftergood, an intelligence policy analyst at the Federation of American Scientists, said the rewrites to the bill were an "invitation to cynicism."
  • "There does seem to be a sort of gamesmanship to it. Why go through all the troubling of crafting legislation, enlisting support and co-sponsorship, and adopting compromises if the bill is just going to be rewritten behind closed doors anyway?" Aftergood said.
  • Civil libertarians and activists now hope to strengthen the bill in the Senate. Its chief sponsor, Patrick Leahy of Vermont, vowed to take it up this month, and to push for "meaningful reforms" he said he was "disappointed" the House excluded. Obama administration officials will testify in the Senate intelligence committee about the bill on Thursday afternoon, the first anniversary of the Guardian's disclosure of bulk domestic phone records collection. That same day, Reddit, Imgur and other large websites will stage an online "Reset The Net" protest of NSA bulk surveillance.But the way the bill "morphed behind the scenes," as Lofgren put it, points to the obstacles such efforts face. It also points to a continuing opportunity for the NSA to say that Congress has actually blessed widespread data collection – a claim made after the Snowden leaks, despite most members of Congress and the public not knowing that NSA and the Fisa court secretly reinterpreted the Patriot Act in order to collect all US phone records.
  • Paul Merrell on 07 Jun 14
     
    Good Guardian article on how the American Freedom Act as reported out of House committees was gutted in secret meetings between key representatives and NSA (and other Executive Branch) officials. The House of Representatives kisses the feet of Dark Government. 
Paul Merrell

NSA phone surveillance program likely unconstitutional, federal judge rules | World new... - 0 views

www.theguardian.com/...-likely-unconstitutional-judge

surveillance state NSA call-metadata litigation 4th Amendment constitutional law NSA-blowback

shared by Paul Merrell on 17 Dec 13 - No Cached
  • A federal judge in Washington ruled on Monday that the bulk collection of Americans’ telephone records by the National Security Agency is likely to violate the US constitution, in the most significant legal setback for the agency since the publication of the first surveillance disclosures by the whistleblower Edward Snowden. Judge Richard Leon declared that the mass collection of metadata probably violates the fourth amendment, which prohibits unreasonable searches and seizures, and was "almost Orwellian" in its scope. In a judgment replete with literary swipes against the NSA, he said James Madison, the architect of the US constitution, would be "aghast" at the scope of the agency’s collection of Americans' communications data. The ruling, by the US district court for the District of Columbia, is a blow to the Obama administration, and sets up a legal battle that will drag on for months, almost certainly destined to end up in the supreme court. It was welcomed by campaigners pressing to rein in the NSA, and by Snowden, who issued a rare public statement saying it had vindicated his disclosures. It is also likely to influence other legal challenges to the NSA, currently working their way through federal courts.
  • In Monday’s ruling, the judge concluded that the pair's constitutional challenge was likely to be successful. In what was the only comfort to the NSA in a stinging judgment, Leon put the ruling on hold, pending an appeal by the government. Leon expressed doubt about the central rationale for the program cited by the NSA: that it is necessary for preventing terrorist attacks. “The government does not cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack,” he wrote.
  • Leon’s opinion contained stern and repeated warnings that he was inclined to rule that the metadata collection performed by the NSA – and defended vigorously by the NSA director Keith Alexander on CBS on Sunday night – was unconstitutional. “Plaintiffs have a substantial likelihood of showing that their privacy interests outweigh the government’s interest in collecting and analysing bulk telephony metadata and therefore the NSA’s bulk collection program is indeed an unreasonable search under the fourth amendment,” he wrote. Leon said that the mass collection of phone metadata, revealed by the Guardian in June, was "indiscriminatory" and "arbitrary" in its scope. "The almost-Orwellian technology that enables the government to store and analyze the phone metadata of every telephone user in the United States is unlike anything that could have been conceived in 1979," he wrote, referring to the year in which the US supreme court ruled on a fourth amendment case upon which the NSA now relies to justify the bulk records program.
  • ...5 more annotations...
  • In a statement, Snowden said the ruling justified his disclosures. “I acted on my belief that the NSA's mass surveillance programs would not withstand a constitutional challenge, and that the American public deserved a chance to see these issues determined by open courts," he said in comments released through Glenn Greenwald, the former Guardian journalist who received leaked documents from Snowden. "Today, a secret program authorised by a secret court was, when exposed to the light of day, found to violate Americans’ rights. It is the first of many.”
  • In his ruling, Judge Leon expressly rejected the government’s claim that the 1979 supreme court case, Smith v Maryland, which the NSA and the Obama administration often cite to argue that there is no reasonable expectation of privacy over metadata, applies in the NSA’s bulk-metadata collection. The mass surveillance program differs so much from the one-time request dealt with by the 1979 case that it was of “little value” in assessing whether the metadata dragnet constitutes a fourth amendment search.
  • In a decision likely to influence other federal courts hearing similar arguments from the ACLU, Leon wrote that the Guardian’s disclosure of the NSA’s bulk telephone records collection means that citizens now have standing to challenge it in court, since they can demonstrate for the first time that the government is collecting their phone data.
  • Leon also struck a blow for judicial review of government surveillance practices even when Congress explicitly restricts the ability of citizens to sue for relief. “While Congress has great latitude to create statutory schemes like Fisa,” he wrote, referring to the seminal 1978 surveillance law, “it may not hang a cloak of secrecy over the constitution.”
  • In his ruling on Monday, Judge Leon predicted the process would take six months. He urged the government to take that time to prepare for an eventual defeat. “I fully expect that during the appellate process, which will consume at least the next six months, the government will take whatever steps necessary to prepare itself to comply with this order when, and if, it is upheld,” wrote Leon in his opinion. “Suffice it to say, requesting further time to comply with this order months from now will not be well received and could result in collateral sanctions.”
  • Paul Merrell on 17 Dec 13
     
    This is the case I thought was the weakest because of poor drafting in the complaint. The judge noted those issues in dismissing the plaintiffs' claims under the Administrative Procedures Act, but picked his way through what remained to find sufficient allegations to support the 4th Amendment challenge. Because he ruled for the plaintiffs on the 4th Amendment count, the judge did not reach the plaintiffs' arguments under the First and Fifth Amendments. This case is about cellphone call metadata, which the FISA Court has been ordering cell phone companies to provide every day, with the orders updated every 90 days. The judge's 68-page opinion is at https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2013cv0881-40 (cleaner copy than the Guardian's, which was apparently faxed). Notably, the judge, Richard Leon, is a Bush II appointee and one of the plaintiffs is a prominent conservative civil libertarian lawyer. The other plaintiff is the father of an NSA cryptologist who worked closely with SEAL Team 6 and was killed along with members of that team when their helicopter crashed in Afghanistan. I'll add some more in a comment. But digital privacy is not yet dead.
  • Paul Merrell on 17 Dec 13
     
    Unfortunately, DRM is not dead yet either and the court's PDF file is locked. No easy copying of its content. If you want to jump directly to the discussion of 4th Amendment issues, go to page 35. That way, you can skip past all the dreary discussion of the Administrative Procedures Act claim and you won't miss much that's memorable. In ruling on the plaintiffs' standing to raise the 4th Amendment claim, Judge Leon postulated two possible search issues: [i] the bulk daily collection of metadata and its retention in the database for five years; and [ii] the analysis of that data through the NSA's querying process. The judge had no difficulty with the first issue; it definitely qualifies as a search. But the judge rejected the plaintiffs' argument on the second type (which was lame), demonstrating that at least one federal judge understands how computers work. The government's filings indicated that a "seed" telephone number or other identifier is used as the query string. Judge Leon figured out for himself from this fact that the NSA of necessity had to compare that number or identifier to every number or identifier in its database looking for a match. The judge concluded that the plaintiffs' metadata --- indeed everyone's metadata --- had to be searched for comparison purposes *every* time the NSA analysts ran any query against the database. See his incisive discussion at pp. 39-41. So having established that two searches were involved, one every time the NSA queried the database, the judge moved on to the next question, whether "the plaintiffs had a reasonable expectation of privacy that is violated when the Government indiscriminately collects their telephony metadata along with the metadata of hundreds of millions of other citizens without any particularized suspicion of wrongdoing, retains that metadata for five years, and then queries, analyzes, and investigates that data without prior judicial approval of the investigative targets." pg. 43. More later
Paul Merrell

Fisa court documents reveal extent of NSA disregard for privacy restrictions | World ne... - 0 views

www.theguardian.com/...cuments-nsa-violations-privacy

surveillance state NSA FISA Court lies NSA-blowback

shared by Paul Merrell on 20 Nov 13 - No Cached
  • Newly declassified court documents indicate that the National Security Agency shared its trove of American bulk email and internet data with other government agencies in violation of specific court-ordered procedures to protect Americans’ privacy. The dissemination of the sensitive data transgressed both the NSA’s affirmations to the secret surveillance court about the extent of the access it provided, and prompted incensed Fisa court judges to question both the NSA’s truthfulness and the value of the now-cancelled program to counter-terrorism. While the NSA over the past several months has portrayed its previous violations of Fisa court orders as “technical” violations or inadvertent errors, the oversharing of internet data is described in the documents as apparent widespread and unexplained procedural violations. “NSA’s record of compliance with these rules has been poor,” wrote judge John Bates in an opinion released on Monday night in which the date is redacted.
  • “Most notably, NSA generally disregarded the special rules for disseminating United States person information outside of NSA until it was ordered to report such disseminations and to certify to the [Fisa court] that the required approval had been obtained.” In addition to improperly permitting access to the email and internet data – intended to include information such as the “to” “from” and “BCC” lines of an email – Bates found that the NSA engaged in “systemic overcollection”, suggesting that content of Americans’ communications was collected as well.
  • The court had required the NSA to comply with a longstanding internal procedure for protecting Americans’ sensitive information prior to sharing the data internally within NSA, known as United States Signals Intelligence Directive 18 (USSID 18) and also declassified on Monday night; and additionally required a senior NSA official to determine that any material shared outside the powerful surveillance agency was related to counter-terrorism. Yet in a separate Fisa court document, the current presiding judge, Reggie Walton, blasted the government’s secret declaration that it followed USSID 18 “rather than specifically requiring that the narrower dissemination provision set forth in the Court’s orders in this matter be strictly adhered to”. Walton wrote: “The court understands this to mean that the NSA likely has disseminated US person information derived from the [email and internet bulk] metadata outside NSA without a prior determination from the NSA official designated in the court’s orders that the information is related to counter-terrorism information and is necessary to understand the counter-terrorism information or assess its importance.”
  • ...3 more annotations...
  • In an opinion apparently written in June 2009, Walton said the court was “gravely concerned” that “NSA analysts, cleared and otherwise, have generally not adhered to the dissemination restrictions proposed by the government, repeatedly relied on by the court in authorizing the [email and internet bulk] metadata, and incorporated into the court’s orders in this matter [redacted] as binding on NSA.” Walton said the NSA’s legal team had failed to satisfy the training requirements that NSA frequently points to in congressional testimony as demonstrating its scrupulousness. Walton added that he was “seriously concerned” by the placement of Americans’ email and internet metadata into “databases accessible by outside agencies, which, as the government has acknowledged, violates not only the court’s orders, but also NSA’s minimization and dissemination procedures as set forth in USSID 18.”
  • In 2011, Bates wrote that the “volume and nature” of the NSA’s bulk collection on foreign internet content was “fundamentally different from what the court had been led to believe”. Yet the documents disclosed Monday night, thanks to a transparency lawsuit, show that Bates and Walton permitted the surveillance of Americans’ bulk email and internet metadata to continue under additional restrictions, out of concern for the ongoing terrorism threat.
  • Elizabeth Goitien of the Brennan Center for Justice at New York University said that the declassified opinions raise disturbing questions about the NSA’s truthfulness. “Either the NSA is really trying to comply with the court’s orders and is absolutely incapable of doing so, in which case it’s terrifying that they’re performing this surveillance, or they’re not really trying to comply,” Goitien said. “Neither of those explanations is particularly comforting.”
Gary Edwards

Take A Break From The Snowden Drama For A Reminder Of What He's Revealed So Far - Forbes - 0 views

www.forbes.com/...er-of-what-hes-revealed-so-far

NSA-Patriot-Act-NDAA NSA-Whistleblower Edward-Snowden

shared by Gary Edwards on 26 Jun 13 - No Cached
  • Here’s a recap of Snowden’s leaked documents published so far, in my own highly subjective order of importance.
  • The publication of Snowden’s leaks began with a top secret order from the Foreign Intelligence Surveillance Court (FISC) sent to Verizon on behalf of the NSA, demanding the cell phone records of all of Verizon Business Network Services’ American customers for the three month period ending in July. The order, obtained by the Guardian, sought only the metadata of those millions of users’ calls–who called whom when and from what locations–but specifically requested Americans’ records, disregarding foreigners despite the NSA’s legal restrictions that it may only surveil non-U.S. persons. Senators Saxby Chambliss and Diane Feinstein defended the program and said it was in fact a three-month renewal of surveillance practices that had gone for seven years.
  • A leaked executive order from President Obama shows the administration asked intelligence agencies to draw up a list of potential offensive cyberattack targets around the world. The order, which suggests targeting “systems, processes and infrastructure” states that such offensive hacking operations “can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.” The order followed repeated accusations by the U.S. government that China has engaged in state-sponsored hacking operations, and was timed just a day before President Obama’s summit with Chinese President Xi Jinping.
  • ...6 more annotations...
  • Another leaked slide deck revealed a software tool called Boundless Informant, which the NSA appears to use for tracking the origin of data it collects. The leaked materials included a map produced by the program showing the frequency of data collection in countries around the world. While Iran, Pakistan and Jordan appeared to be the most surveilled countries according to the map, it also pointed to significant data collection from the United States.
  • In a congressional hearing, NSA director Keith Alexander argued that the kind of surveillance of Americans’ data revealed in that Verizon order was necessary to for archiving purposes, but was rarely accessed and only with strict oversight from Foreign Intelligence Surveillance Court judges. But another secret document published by the Guardian revealed the NSA’s own rules for when it makes broad exceptions to its foreign vs. U.S. persons distinction, accessing Americans’ data and holding onto it indefinitely. Those exceptions include anytime Americans’ data is judged to be “significant foreign intelligence” information or information about a crime that has been or is about to be committed, any data “involved in the unauthorized disclosure of national security information,” or necessary to “assess a communications security vulnerability.” Any encrypted data that the NSA wants to crack can also be held indefinitely, regardless of whether its American or foreign origin.
  • Documents leaked to the Guardian revealed a five-year-old British intelligence scheme to tap transatlantic fiberoptic cables to gather data. A program known as Tempora, created by the U.K.’s NSA equivalent Government Communications Headquarters (GCHQ) has for the last 18 months been able to store huge amounts of that raw data for up to 30 days. Much of the data is shared with the NSA, which had assigned 250 analysts to sift through it as of May of last year.
  • Another GCHQ project revealed to the Guardian through leaked documents intercepted the communications of delegates to the G20 summit of world leaders in London in 2009. The scheme included monitoring the attendees’ phone calls and emails by accessing their Blackberrys, and even setting up fake Internet cafes that used keylogging software to surveil them.
  • Snowden showed the Hong Kong newspaper the South China Morning Post documents that it said outlined extensive hacking of Chinese and Hong Kong targets by the NSA since 2009, with 61,000 targets globally and “hundreds” in China. Other SCMP stories based on Snowden’s revelations stated that the NSA had gained access to the Chinese fiberoptic network operator Pacnet as well as Chinese mobile phone carriers, and had gathered large quantities of Chinese SMS messages.
  • The Guardian’s Glenn Greenwald has said that Snowden provided him “thousands” of documents, of which “dozens” are newsworthy. And Snowden himself has said he’d like to expose his trove of leaks to the global media so that each country’s reporters can decide whether “U.S. network operations against their people should be published.” So regardless of where Snowden ends up, expect more of his revelations to follow.
  • Gary Edwards on 26 Jun 13
     
    Nice tight summary
Paul Merrell

NSA 'secret backdoor' paved way to U.S. phone, e-mail snooping | Politics and Law - CNE... - 0 views

news.cnet.com/...y-to-u.s-phone-e-mail-snooping

surveillance state NSA Obama lies must-read

shared by Paul Merrell on 17 Aug 13 - No Cached
  • The National Security Agency created a "secret backdoor" so its massive databases could be searched for the contents of U.S. citizens' confidential phone calls and e-mail messages without a warrant, according to the latest classified documents leaked by Edward Snowden. A report in the Guardian on Friday quoted Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence Committee, as saying the secret rule offers a loophole allowing "warrantless searches for the phone calls or emails of law-abiding Americans." That appears to confirm what Rep. Jerrold Nadler, a New York Democrat, said in June after receiving a classified briefing from administration officials a few days earlier on the extent of the NSA's domestic surveillance operations. If the NSA wants "to listen to the phone," an analyst's decision is sufficient, without any other legal authorization required, Nadler said he had been told during the briefing. "I was rather startled," said Nadler, an attorney who serves on the House Judiciary Committee.
  • FBI Director Robert Mueller responded by assuring Nadler, according to a transcript of the hearing, that to "listen to the phone," the government would need "a particularized order" from the Foreign Intelligence Surveillance Court -- a claim that is contradicted by today's Guardian report and other documents. Mueller has been succeeded by James Comey, who was confirmed last month by the Senate. In response to a CNET article at the time, Director of National Intelligence James Clapper released a statement saying: "The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress." Clapper never elaborated, however, on what "proper" authorization would be. Today's top-secret document leaked by Snowden reveals that "procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data."
  • FAA 702 is a reference to section 702 of a 2008 law that amended the Foreign Intelligence Surveillance Act. Those amendments created a warrantless surveillance process that could be employed by NSA analysts, but Congress never intended it to be used domestically against American citizens: A congressional report accompanying the law claimed it allows electronic surveillance only of "persons located outside the United States in order to acquire foreign intelligence information." In reality, though, the Obama Justice Department has devised secret interpretations of FAA 702 carving out loopholes in what were intended to be strict privacy safeguards. One loophole revealed in June shows that NSA, CIA, and FBI analysts are granted broad access to data vacuumed up by the world's most powerful intelligence agency -- but are supposed to follow certain "targeting" and "minimization" procedures to limit the number of Americans who become individual targets of warrantless surveillance.
  • ...2 more annotations...
  • Today's disclosures appear to be at odds with what President Obama has said over the last two months in defense of NSA surveillance. "What I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls and the NSA cannot target your e-mails," Obama has said. Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls -- in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established "listening posts" that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, "whether they originate within the country or overseas." That includes not just metadata, but also the contents of the communications.
  • AT&T and other telecommunications companies that allow the NSA to tap into their fiber links receive absolute immunity from civil liability or criminal prosecution, thanks to Section 702 of the FISA Amendments Act, which Congress renewed in 2012. It says that any civil lawsuit "against any person for providing assistance to an element of the intelligence community...shall be promptly dismissed." Section 702 of the law says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court -- in practice, this means analysts at the NSA and other agencies with intelligence functions -- as long as minimization requirements and general procedures blessed by the court are followed. It's unclear whether the court has approved the "secret backdoor" allowing Americans' e-mail and phone messages to be targeted for domestic surveillance.
Paul Merrell

Revealed: the top secret rules that allow NSA to use US data without a warrant | World ... - 0 views

www.guardian.co.uk/...fisa-court-nsa-without-warrant

surveillance state digital-privacy NSA NSA Procedures must-read

shared by Paul Merrell on 20 Jun 13 - No Cached
  • Fisa court submissions show broad scope of procedures governing NSA's surveillance of Americans' communication• Document one: procedures used by NSA to target non-US persons• Document two: procedures used by NSA to minimise data collected from US persons
  • Top secret documents submitted to the court that oversees surveillance by US intelligence agencies show the judges have signed off on broad orders which allow the NSA to make use of information "inadvertently" collected from domestic US communications without a warrant.The Guardian is publishing in full two documents submitted to the secret Foreign Intelligence Surveillance Court (known as the Fisa court), signed by Attorney General Eric Holder and stamped 29 July 2009. They detail the procedures the NSA is required to follow to target "non-US persons" under its foreign intelligence powers and what the agency does to minimize data collected on US citizens and residents in the course of that surveillance.The documents show that even under authorities governing the collection of foreign intelligence from foreign targets, US communications can still be collected, retained and used.
  • The procedures cover only part of the NSA's surveillance of domestic US communications. The bulk collection of domestic call records, as first revealed by the Guardian earlier this month, takes place under rolling court orders issued on the basis of a legal interpretation of a different authority, section 215 of the Patriot Act.
  • Paul Merrell on 20 Jun 13
     
    Lots of gruesome detail in the article and even more in the documents. Another major leaked disclosure from the Big Brother secret arm of U.S. government. A cautionary warning: these are merely documents. They are not regulations as that term is understood under the Administrative Procedures Act. There may or may not be one or more secret Executive Orders requiring Agency personnel to adhere to what the documents say.  Even with agencies that are far more open to public scrutiny, it is common for agency staff to ignore regulations and statutes. Every time someone wins a lawsuit pursuant to the combination of the Administrative Procedures Act and some other federal law or regulation, one of the most common types of lawsuits against federal agencies, it is because agency staff violated the law or the regulation. It's a common situation even with agencies that have to operate in the sunlight. An agency allowed to operate without any right of the public to challenge its actions has even less incentive to adhere to its formal procedures.   So particularly with an agency permitted to operate in secret, the existence of these documents does not mean that they get more than an occasional wink and a nod by agency staff. That said, this is pretty gruesome reading for a civil libertarian and is also rife with vagueness, ambiguity, and loopholes. Not surprisingly though for an experienced lawyer; those who deliberately trample on others' rights rarely write written confessions.
Paul Merrell

NSA 'not interested in' Americans, privacy officer claims | TheHill - 0 views

thehill.com/...ericans-privacy-officer-claims

surveillance state NSA not-interested Richards

shared by Paul Merrell on 18 Mar 16 - No Cached
  • The National Security Agency’s internal civil liberties watchdog insisted on Thursday that the agency has no interest in spying on Americans under its controversial spying tools. “Our employees are trained to not look for U.S. persons,” NSA privacy and civil liberties officer Rebecca Richards said on Thursday.
  • “We’re not interested in those U.S. persons. We’re trying to look away from those,” she added. “Instead, we’re looking for where are our targets?”Richards’s comments came up during a Capitol Hill panel discussion about a new report on U.S. spying from the Brennan Center for Justice.The analysis looks at aspects of a presidential order that dates back to Ronald Reagan and was updated by then-President George W. Bush, called Executive Order 12333.
  • Programs under the order, which is meant to guide foreign surveillance, “have implications for Americans’ privacy that could well be greater than those of their domestic counterparts,” the organization wrote in its analysis. “The vast majority of Americans — whether wittingly or not — engage in communication that is transmitted or stored overseas.”“This reality of the digital age renders Americans’ communications and data highly vulnerable to NSA surveillance abroad.”
  • ...2 more annotations...
  • NSA surveillance under Executive Order 12333 is separate from the agency’s higher profile bulk collection of Americans’ phone records, which ended last year. It also occurs under separate legal powers than a controversial provision of the 2008 update to the Foreign Intelligence Surveillance Act, which comes up for renewal at the end of 2017.The executive order targets foreigners, but can “incidentally” pick up data about Americans if their activity on the Internet crosses international borders, Richards acknowledged.“Our procedures are designed to say: There are occasions when you are going to get U.S. persons,” she said, “and when you get those U.S. persons, here’s the rules.”
  • Richards is the agency’s first ever civil liberties officer. She was hired in early 2014, on the heels of fallout from Edward Snowden’s leaks about the spy agency. 
  • Paul Merrell on 18 Mar 16
     
    Not interested. Apparently that's why NSA was turning over raw search results to Israel without filtering out "U.S. persons" data. And why they just decided to give other agencies including law enforcement access to raw search results. And why Gen. Keith Alexander personally put together a program to ruin people's reputations including a "U.S. person." And why Russell Tice said that he personally had Obama's NSA dossier in his hands when Obama was running for the U.S. Senate. And why Tice says NSA had similar dossiers on members of Congress and the justices of the U.S. Supreme Court and targeted "lots of lawyers." On and on.  Ms. Richards appears to have become a quick study in NSA's hallmark skill of lying to the public. 
Paul Merrell

Bulk Collection Under Section 215 Has Ended… What's Next? | Just Security - 0 views

www.justsecurity.org/...lk-collection-ended-whats-next

surveillance state NSA-reform 215 bulk-collection EO-12333

shared by Paul Merrell on 01 Dec 15 - No Cached
  • The first (and thus far only) roll-back of post-9/11 surveillance authorities was implemented over the weekend: The National Security Agency shuttered its program for collecting and holding the metadata of Americans’ phone calls under Section 215 of the Patriot Act. While bulk collection under Section 215 has ended, the government can obtain access to this information under the procedures specified in the USA Freedom Act. Indeed, some experts have argued that the Agency likely has access to more metadata because its earlier dragnet didn’t cover cell phones or Internet calling. In addition, the metadata of calls made by an individual in the United States to someone overseas and vice versa can still be collected in bulk — this takes place abroad under Executive Order 12333. No doubt the NSA wishes that this was the end of the surveillance reform story and the Paris attacks initially gave them an opening. John Brennan, the Director of the CIA, implied that the attacks were somehow related to “hand wringing” about spying and Sen. Tom Cotton (R-Ark.) introduced a bill to delay the shut down of the 215 program. Opponents of encryption were quick to say: “I told you so.”
  • But the facts that have emerged thus far tell a different story. It appears that much of the planning took place IRL (that’s “in real life” for those of you who don’t have teenagers). The attackers, several of whom were on law enforcement’s radar, communicated openly over the Internet. If France ever has a 9/11 Commission-type inquiry, it could well conclude that the Paris attacks were a failure of the intelligence agencies rather than a failure of intelligence authorities. Despite the passage of the USA Freedom Act, US surveillance authorities have remained largely intact. Section 702 of the FISA Amendments Act — which is the basis of programs like PRISM and the NSA’s Upstream collection of information from Internet cables — sunsets in the summer of 2017. While it’s difficult to predict the political environment that far out, meaningful reform of Section 702 faces significant obstacles. Unlike the Section 215 program, which was clearly aimed at Americans, Section 702 is supposedly targeted at foreigners and only picks up information about Americans “incidentally.” The NSA has refused to provide an estimate of how many Americans’ information it collects under Section 702, despite repeated requests from lawmakers and most recently a large cohort of advocates. The Section 215 program was held illegal by two federal courts (here and here), but civil attempts to challenge Section 702 have run into standing barriers. Finally, while two review panels concluded that the Section 215 program provided little counterterrorism benefit (here and here), they found that the Section 702 program had been useful.
  • There is, nonetheless, some pressure to narrow the reach of Section 702. The recent decision by the European Court of Justice in the safe harbor case suggests that data flows between Europe and the US may be restricted unless the PRISM program is modified to protect the information of Europeans (see here, here, and here for discussion of the decision and reform options). Pressure from Internet companies whose business is suffering — estimates run to the tune of $35 to 180 billion — as a result of disclosures about NSA spying may also nudge lawmakers towards reform. One of the courts currently considering criminal cases which rely on evidence derived from Section 702 surveillance may hold the program unconstitutional either on the basis of the Fourth Amendment or Article III for the reasons set out in this Brennan Center report. A federal district court in Colorado recently rejected such a challenge, although as explained in Steve’s post, the decision did not seriously explore the issues. Further litigation in the European courts too could have an impact on the debate.
  • ...2 more annotations...
  • The US intelligence community’s broadest surveillance authorities are enshrined in Executive Order 12333, which primarily covers the interception of electronic communications overseas. The Order authorizes the collection, retention, and dissemination of “foreign intelligence” information, which includes information “relating to the capabilities, intentions or activities of foreign powers, organizations or persons.” In other words, so long as they are operating outside the US, intelligence agencies are authorized to collect information about any foreign person — and, of course, any Americans with whom they communicate. The NSA has conceded that EO 12333 is the basis of most of its surveillance. While public information about these programs is limited, a few highlights give a sense of the breadth of EO 12333 operations: The NSA gathers information about every cell phone call made to, from, and within the Bahamas, Mexico, Kenya, the Philippines, and Afghanistan, and possibly other countries. A joint US-UK program tapped into the cables connecting internal Yahoo and Google networks to gather e-mail address books and contact lists from their customers. Another US-UK collaboration collected images from video chats among Yahoo users and possibly other webcam services. The NSA collects both the content and metadata of hundreds of millions of text messages from around the world. By tapping into the cables that connect global networks, the NSA has created a database of the location of hundreds of millions of mobile phones outside the US.
  • Given its scope, EO 12333 is clearly critical to those seeking serious surveillance reform. The path to reform is, however, less clear. There is no sunset provision that requires action by Congress and creates an opportunity for exposing privacy risks. Even in the unlikely event that Congress was inclined to intervene, it would have to address questions about the extent of its constitutional authority to regulate overseas surveillance. To the best of my knowledge, there is no litigation challenging EO 12333 and the government doesn’t give notice to criminal defendants when it uses evidence derived from surveillance under the order, so the likelihood of a court ruling is slim. The Privacy and Civil Liberties Oversight Board is currently reviewing two programs under EO 12333, but it is anticipated that much of its report will be classified (although it has promised a less detailed unclassified version as well). While the short-term outlook for additional surveillance reform is challenging, from a longer-term perspective, the distinctions that our law makes between Americans and non-Americans and between domestic and foreign collection cannot stand indefinitely. If the Fourth Amendment is to meaningfully protect Americans’ privacy, the courts and Congress must come to grips with this reality.
Paul Merrell

Lawfare › The NSA Documents: The Entire Series - 0 views

www.lawfareblog.com/...sa-documents-the-entire-series

surveillance state NSA NSA-records NSA-docs

shared by Paul Merrell on 30 Aug 13 - No Cached
  • Our series on the NSA documents now being complete, I thought I would collect all of the posts together in one place. Here are the documents themselves. And here are our seven posts commenting on them: The Introduction Summary of the October 2011 FISC Opinion Summary of the November 2011 FISC Opinion Summary of the September 2012 FISC Opinion Summary of Statements to Congress Summary of the Minimization Procedures Summary of the Semi-Annual Compliance Report Now that the series is done, I will turn to the question of
  • Paul Merrell on 30 Aug 13
     
    Someone had the sense and time to collect them all. The linked site has many NSA/privacy research resources 
Paul Merrell

Lack of Due Diligence: The NSA's "the Analyst Didn't Give a Fuck" Violation | emptywheel - 0 views

www.emptywheel.net/...st-didnt-give-a-fuck-violation

surveillance state NSA privacy-violations stats lies

shared by Paul Merrell on 17 Aug 13 - No Cached
  • The NSA claims there have been no willful violations the law relating to the NSA databases. For example, NSA’s Director of Compliance John DeLong just said ”NSA has a zero tolerance policy for willful misconduct. None of the incidents were willful.” House Intelligence Chair Mike Rogers just said the documents show “no intentional or willful violations.” Which is why I want to look more closely at the user error categories included in the May 3, 2012 audit. The report doesn’t actually break down the root cause of errors across all violations. But it does for 3 different types of overlapping incident types (the 195 FISA authority incidents, the 115 database query ones, and the 772 S2 Directorate violations).
  • What I’m interested in are the three main types of operator error: human error, resources, and lack of due diligence.
  • But then there’s a third category: lack of due diligence. The report defines lack of due diligence as “a failure to follow standard operating procedures.” But some failure to follow standard operating procedure is accounted for in other categories, like training, the misapplied query techniques, and the apparent inadequate research violations. This category appears to be something different than the “honest mistake” errors categorized under human error. In fact, by the very exclusion of these violations from the “human error” category, NSA seems to be admitting these violations aren’t errors. These violations of standard operating procedures, it seems, are intentional. Not errors. Willful violations. At the very least, this category seems to count the violations on behalf of analysts who just don’t give a fuck what he rules are, they’re going to ignore the rules. This category, what consider the “Analyst didn’t give a fuck” category, accounts for 9% to 20% of all the violations broken out by root cause.
  • ...1 more annotation...
  • In aggregate, these violations may not amount to all that many given the thousands of queries run every year — they make up just 68 of the violations in S2, for example. Those 68 due diligence violations make up almost 8% of the violations in the quarter, not counting due diligence violations that may have happened in other Directorates. John DeLong, who is in charge of compliance at NSA, says the Agency has zero tolerance for willful misconduct. But the NSA appears to have a good deal more tolerance for a lack of due diligence.
  • Paul Merrell on 17 Aug 13
     
    Marcy at EmptyWheel digs into the leaked NSA audit reports and exposes what appears to be another Obama Administration lie: that none of the violations of surveillance law by NSA staff were willful. NSA appears to be hiding the willful violations under the misleadingly titled "lack of due diligence" category. Who says numbers can't lie, if they're miscategorized?   
Paul Merrell

FBI, CIA Use Backdoor Searches To Warrentlessly Spy On Americans' Communications | Tech... - 0 views

www.techdirt.com/...ications-without-warrant.shtml

surveillance state NSA CIA FBI Wyden NSA-backdoors PCLOB

shared by Paul Merrell on 01 Jul 14 - No Cached
  • The other shoe just dropped when it comes to how the federal government illegally spies on Americans. Last summer, the details of the NSA's "backdoor searches" were revealed. This involved big collections of content and metadata (so, no, not "just metadata" as meaningless as that phrase is) that were collected under Section 702 of the FISA Amendments Act (FAA). This is part of the program that the infamous PRISM effort operates under, and which allows the NSA to collect all sorts of content, including communications to, from or about a "target" -- where a "target" can be incredibly loosely defined (i.e., it can include groups or machines or just about anything). The "backdoor searches" were a special loophole added in 2011 allowing the NSA to make use of "US person names and identifiers as query terms." In the past, it had been limited (as per the NSA's mandate) to only non-US persons.
  • This morning, James Clapper finally responded to a request from Senator Ron Wyden concerning the number of such backdoor searches using US identifiers that were done by various government agencies. And, surprisingly, it's redaction free. The big reveal is... that it's not just the NSA doing these searches, but the CIA and FBI as well. This is especially concerning with regards to the FBI. This means that the FBI, who does surveillance on Americans, is spying on Americans communications that were collected by the NSA and that they're doing so without anything resembling a warrant. Oh, and let's make this even worse: the FBI isn't even tracking how often it does this. It's just doing it willy nilly:
  • Got that? Basically, the FBI often asks the NSA for a big chunk of data that the NSA probably shouldn't have in the first place -- including tons of Americans' communications, and the FBI gets to dump it into the same database that it is free to query. And the FBI tracks none of this, other than to say that it believes that there are a "substantial" number of such queries. This would seem to be a pretty blatant attempt to end run around the 4th Amendment, giving the FBI broad access to searching through the communications of Americans with what appears to be almost no oversight. Yikes! Oh, and it's not just the NSA, but the CIA as well. Remember, the CIA is not supposed to be doing any surveillance on US persons (like the NSA), but that's not what's happening at all. At least the CIA tracks some (but not all) of its abuse of backdoor searches:
  • ...5 more annotations...
  • The FBI does not track how many queries it conducts using U.S. person identifiers. The FBI is responsible for identifying and countering threats to the homeland, such as terrorism pilots and espionage, inside the U.S. Unlike other IC agencies, because of its domestic mission, the FBI routinely deals with information about US persons and is expected to look for domestic connections to threats emanating from abroad, including threats involving Section 702 non-US. person targets. To fulfill its mission and avoid missing connections within the information lawfully in its possession, the FBI does not distinguish between U.S. and non- U.S. persons for purposes of querying Section 702 collection. It should be noted that the FBI does not receive all of Section 702 collection; rather, the FBI only requests and receives a small percentage of total Section 702 collection and only for those selectors in which the FBI has an investigative interest. Moreover, because the FBI stores Section 702 collection in the same database as its "traditional" FISA collection, a query of "traditional" FISA collection will also query Section 702 collection. In addition, the FBI routinely conducts queries across its databases in an effort to locate relevant information that is already in its possession when it opens new national security investigations and assessments. Therefore, the FBI believes the number of queries is substantial. However, only FBI personnel trained in the Section 702 minimization procedures are able to View any Section 702 collection that is responsive to any query.
  • In calendar year 2013, CIA conducted fewer than 1900 queries of Section 702-acquired communications using specific U.S. person identifiers as query terms or other more general query terms if they are intended to return information about a particular U.S. person. Of that total number approximately 40% were conducted as a result of requests for counterterrorism-related information from other U.S. intelligence agencies. Approximately 27% of the total number are duplicative or recurring queries conducted at different times using the same identifiers but that CIA nonetheless counts as separate queries. CIA also uses U.S. person identifiers to conduct metadata-only queries against metadata derived from the FISA Section 702 collection. However, the CIA does not track the number of metadata-only queries using U.S. person identifiers.
  • So, the CIA is doing these kinds of warrantless fishing expeditions into the communications of Americans as well, but at least the CIA tracks how often it's doing so. Of course, when it comes to metadata searches, the CIA doesn't bother. It's also a bit bizarre that the CIA is apparently carrying out a bunch of those searches for "other U.S. intelligence agencies," when the CIA should be especially limited in its ability to do these searches in the first place. Senator Wyden has responded to these revelations by pointing out how "flawed" the oversight system is that these have been allowed:
  • When the FBI says it conducts a substantial number of searches and it has no idea of what the number is, it shows how flawed this system is and the consequences of inadequate oversight. This huge gap in oversight is a problem now, and will only grow as global communications systems become more interconnected. The findings transmitted to me raise questions about whether the FBI is exercising any internal controls over the use of backdoor searches including who and how many government employees can access the personal data of individual Americans. I intend to follow this up until it is fixed.
  • Hopefully, now you are starting to recognize what a big deal it was last week when the House of Representatives recently voted to defund the ability to do these kinds of backdoor searches. Still, much more needs to be done. Oh, and in case you're wondering why Clapper finally 'fessed up to the FBI and CIA making use of these data to warrantlessly spy on Americans, it's worth noting that the Privacy and Civil Liberties Oversight Board (PCLOB) is expected to come out with its report on the Section 702 surveillance program on July 2nd (7/02, get it?). It seems likely that the report will discuss these backdoor searches on Americans and how other agencies besides the NSA has been involved in the practice.
  • Paul Merrell on 01 Jul 14
     
    Note to self: Look for the new PCLOB report in the morning. 
Paul Merrell

NSA performed warrantless searches on Americans' calls and emails - Clapper |... - 0 views

www.theguardian.com/...llance-loophole-americans-data

surveillance state NSA FISA-Court FISA-loophole lies Obama

shared by Paul Merrell on 02 Apr 14 - No Cached
  • US intelligence chiefs have confirmed that the National Security Agency has used a "back door" in surveillance law to perform warrantless searches on Americans’ communications.The NSA's collection programs are ostensibly targeted at foreigners, but in August the Guardian revealed a secret rule change allowing NSA analysts to search for Americans' details within the databases.Now, in a letter to Senator Ron Wyden, an Oregon Democrat on the intelligence committee, the director of national intelligence, James Clapper, has confirmed the use of this legal authority to search for data related to “US persons”.
  • “There have been queries, using US person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-US persons reasonably believed to be located outside the United States,” Clapper wrote in the letter, which has been obtained by the Guardian.“These queries were performed pursuant to minimization procedures approved by the Fisa court and consistent with the statute and the fourth amendment.” The legal authority to perform the searches, revealed in top-secret NSA documents provided to the Guardian by Edward Snowden, was denounced by Wyden as a “backdoor search loophole.”Many of the NSA's most controversial programs collect information under the law affected by the so-called loophole. These include Prism, which allows the agency to collect data from Google, Apple, Facebook, Yahoo and other tech companies, and the agency's Upstream program – a huge network of internet cable taps.
  • Clapper did not say how many warrantless searches had been performed by the NSA. It was not the first time the searches had been confirmed: after the Snowden leaks, the office of the director of national intelligence declassified documents that discussed the rule change. But Clapper's letter drew greater attention to the issue.Confirmation that the NSA has searched for Americans’ communications in its phone call and email databases complicates President Barack Obama’s initial defenses of the broad surveillance in June.“When it comes to telephone calls, nobody is listening to your telephone calls. That’s not what this program’s about,” Obama said. “As was indicated, what the intelligence community is doing is looking at phone numbers and durations of calls. They are not looking at people’s names, and they’re not looking at content.”Obama was referring specifically to the bulk collection of US phone records, but his answer misleadingly suggested that the NSA could not examine Americans’ phone calls and emails.
  • ...4 more annotations...
  • At a recent hearing of the Privacy and Civil Liberties Oversight Board, administration lawyers defended their latitude to perform such searches. The board is scheduled to deliver a report on the legal authority under which the communications are collected, Section 702 of the Foreign Intelligence Surveillance Act (Fisa), passed in 2008. Wyden and Colorado Democrat Mark Udall failed in 2012 to persuade their fellow Senate intelligence committee members to prevent such warrantless searches during the re-authorisation of the 2008 Fisa Amendments Act, which wrote Section 702 into law. Dianne Feinstein, the California Democrat who chairs the committee, defended the practice, and argued that it did not violate the act’s “reverse targeting” prohibition on using NSA’s vast powers to collect content on Americans.
  • Much of the NSA's bulk data collection is covered by section 702 of the Fisa Amendments Act. This allows for the collection of communications – content and metadata alike – without individual warrants, so long as there is a reasonable belief the communications are both foreign and overseas.The communications of Americans in direct contact with foreign targets can also be collected without a warrant, and the intelligence agencies acknowledge that purely domestic communications can also be inadvertently swept into its databases. That process is known as "incidental collection".Initially, NSA rules on such data prevented the databases being searched for any details relating to "US persons" – that is, citizens or residents of the US. However, in October 2011 the Fisa court approved new procedures which allowed the agency to search for US person data, a revelation contained in documents revealed by Snowden.
  • The ruling appears to give the agency free access to search for information relating to US people within its vast databases, though not to specifically collect information against US citizens in the first place. However, until the DNI's disclosure to Wyden, it was not clear whether the NSA had ever actually used these powers.On Tuesday, Wyden and Udall said the NSA’s warrantless searches of Americans’ emails and phone calls “should be concerning to all.” “This is unacceptable. It raises serious constitutional questions, and poses a real threat to the privacy rights of law-abiding Americans. If a government agency thinks that a particular American is engaged in terrorism or espionage, the fourth amendment requires that the government secure a warrant or emergency authorisation before monitoring his or her communications. This fact should be beyond dispute,” the two senators said in a joint statement.
  • They continued: “Today’s admission by the Director of National Intelligence is further proof that meaningful surveillance reform must include closing the back-door searches loophole and requiring the intelligence community to show probable cause before deliberately searching through data collected under section 702 to find the communications of individual Americans."
Paul Merrell

Lawmakers warn of 'radical' move by NSA to share information | TheHill - 0 views

thehill.com/...tutional-dangerous-nsa-changes

surveillance state NSA raw-data-sharing

shared by Paul Merrell on 24 Mar 16 - No Cached
  • A bipartisan pair of lawmakers is expressing alarm at reported changes at the National Security Agency that would allow the intelligence service’s information to be used for policing efforts in the United States.“If media accounts are true, this radical policy shift by the NSA would be unconstitutional, and dangerous,” Reps. Ted Lieu (D-Calif.) and Blake FarentholdBlake FarentholdLawmakers warn of 'radical' move by NSA to share information Overnight Tech: Netflix scores win over Postal Service Lawmakers go green for St. Patrick's Day MORE (R-Texas) wrote in a letter to the spy agency this week. “The proposed shift in the relationship between our intelligence agencies and the American people should not be done in secret.ADVERTISEMENT“NSA’s mission has never been, and should never be, domestic policing or domestic spying.”The NSA has yet to publicly announce the change, but The New York Times reported last month that the administration was poised to expand the agency's ability to share information that it picks up about people’s communications with other intelligence agencies.The modification would open the door for the NSA to give the FBI and other federal agencies uncensored communications of foreigners and Americans picked up incidentally — but without a warrant — during sweeps.  
  • Robert Litt, the general counsel at the Office of the Director of National Intelligence, told the Times that it was finalizing a 21-page draft of procedures to allow the expanded sharing.  Separately, the Guardian reported earlier this month that the FBI had quietly changed its internal privacy rules to allow direct access to the NSA’s massive storehouse of communication data picked up on Internet service providers and websites.The revelations unnerved civil liberties advocates, who encouraged lawmakers to demand answers of the spy agency.“Under a policy like this, information collected by the NSA would be available to a host of federal agencies that may use it to investigate and prosecute domestic crimes,” said Neema Singh Guliani, legislative counsel and the American Civil Liberties Union. “Making such a change without authorization from Congress or the opportunity for debate would ignore public demands for greater transparency and oversight over intelligence activities.”In their letter this week, Lieu and Farenthold warned that the NSA’s changes would undermine Congress and unconstitutionally violate people’s privacy rights.   
  • “The executive branch would be violating the separation of powers by unilaterally transferring warrantless data collected under the NSA’s extraordinary authority to domestic agencies, which do not have such authority,” they wrote.“Domestic law enforcement agencies — which need a warrant supported by probable cause to search or seize — cannot do an end run around the Fourth Amendment by searching warrantless information collected by the NSA.”
1 - 20 of 66 Next › Last »
Showing 20 items per page