Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged bulk-collection

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

The Latest Rules on How Long NSA Can Keep Americans' Encrypted Data Look Too Familiar |... - 0 views

justsecurity.org/...s-hold-encrypted-data-familiar

surveillance state NSA IAA-2015 Sect-309 legislation

shared by Paul Merrell on 26 Jan 15 - No Cached
  • Does the National Security Agency (NSA) have the authority to collect and keep all encrypted Internet traffic for as long as is necessary to decrypt that traffic? That was a question first raised in June 2013, after the minimization procedures governing telephone and Internet records collected under Section 702 of the Foreign Intelligence Surveillance Act were disclosed by Edward Snowden. The issue quickly receded into the background, however, as the world struggled to keep up with the deluge of surveillance disclosures. The Intelligence Authorization Act of 2015, which passed Congress this last December, should bring the question back to the fore. It established retention guidelines for communications collected under Executive Order 12333 and included an exception that allows NSA to keep ‘incidentally’ collected encrypted communications for an indefinite period of time. This creates a massive loophole in the guidelines. NSA’s retention of encrypted communications deserves further consideration today, now that these retention guidelines have been written into law. It has become increasingly clear over the last year that surveillance reform will be driven by technological change—specifically by the growing use of encryption technologies. Therefore, any legislation touching on encryption should receive close scrutiny.
  • Section 309 of the intel authorization bill describes “procedures for the retention of incidentally acquired communications.” It establishes retention guidelines for surveillance programs that are “reasonably anticipated to result in the acquisition of [telephone or electronic communications] to or from a United States person.” Communications to or from a United States person are ‘incidentally’ collected because the U.S. person is not the actual target of the collection. Section 309 states that these incidentally collected communications must be deleted after five years unless they meet a number of exceptions. One of these exceptions is that “the communication is enciphered or reasonably believed to have a secret meaning.” This exception appears to be directly lifted from NSA’s minimization procedures for data collected under Section 702 of FISA, which were declassified in 2013. 
  • While Section 309 specifically applies to collection taking place under E.O. 12333, not FISA, several of the exceptions described in Section 309 closely match exceptions in the FISA minimization procedures. That includes the exception for “enciphered” communications. Those minimization procedures almost certainly served as a model for these retention guidelines and will likely shape how this new language is interpreted by the Executive Branch. Section 309 also asks the heads of each relevant member of the intelligence community to develop procedures to ensure compliance with new retention requirements. I expect those procedures to look a lot like the FISA minimization guidelines.
  • ...6 more annotations...
  • This language is broad, circular, and technically incoherent, so it takes some effort to parse appropriately. When the minimization procedures were disclosed in 2013, this language was interpreted by outside commentators to mean that NSA may keep all encrypted data that has been incidentally collected under Section 702 for at least as long as is necessary to decrypt that data. Is this the correct interpretation? I think so. It is important to realize that the language above isn’t just broad. It seems purposefully broad. The part regarding relevance seems to mirror the rationale NSA has used to justify its bulk phone records collection program. Under that program, all phone records were relevant because some of those records could be valuable to terrorism investigations and (allegedly) it isn’t possible to collect only those valuable records. This is the “to find a needle a haystack, you first have to have the haystack” argument. The same argument could be applied to encrypted data and might be at play here.
  • This exception doesn’t just apply to encrypted data that might be relevant to a current foreign intelligence investigation. It also applies to cases in which the encrypted data is likely to become relevant to a future intelligence requirement. This is some remarkably generous language. It seems one could justify keeping any type of encrypted data under this exception. Upon close reading, it is difficult to avoid the conclusion that these procedures were written carefully to allow NSA to collect and keep a broad category of encrypted data under the rationale that this data might contain the communications of NSA targets and that it might be decrypted in the future. If NSA isn’t doing this today, then whoever wrote these minimization procedures wanted to at least ensure that NSA has the authority to do this tomorrow.
  • There are a few additional observations that are worth making regarding these nominally new retention guidelines and Section 702 collection. First, the concept of incidental collection as it has typically been used makes very little sense when applied to encrypted data. The way that NSA’s Section 702 upstream “about” collection is understood to work is that technology installed on the network does some sort of pattern match on Internet traffic; say that an NSA target uses example@gmail.com to communicate. NSA would then search content of emails for references to example@gmail.com. This could notionally result in a lot of incidental collection of U.S. persons’ communications whenever the email that references example@gmail.com is somehow mixed together with emails that have nothing to do with the target. This type of incidental collection isn’t possible when the data is encrypted because it won’t be possible to search and find example@gmail.com in the body of an email. Instead, example@gmail.com will have been turned into some alternative, indecipherable string of bits on the network. Incidental collection shouldn’t occur because the pattern match can’t occur in the first place. This demonstrates that, when communications are encrypted, it will be much harder for NSA to search Internet traffic for a unique ID associated with a specific target.
  • This lends further credence to the conclusion above: rather than doing targeted collection against specific individuals, NSA is collecting, or plans to collect, a broad class of data that is encrypted. For example, NSA might collect all PGP encrypted emails or all Tor traffic. In those cases, NSA could search Internet traffic for patterns associated with specific types of communications, rather than specific individuals’ communications. This would technically meet the definition of incidental collection because such activity would result in the collection of communications of U.S. persons who aren’t the actual targets of surveillance. Collection of all Tor traffic would entail a lot of this “incidental” collection because the communications of NSA targets would be mixed with the communications of a large number of non-target U.S. persons. However, this “incidental” collection is inconsistent with how the term is typically used, which is to refer to over-collection resulting from targeted surveillance programs. If NSA were collecting all Tor traffic, that activity wouldn’t actually be targeted, and so any resulting over-collection wouldn’t actually be incidental. Moreover, greater use of encryption by the general public would result in an ever-growing amount of this type of incidental collection.
  • This type of collection would also be inconsistent with representations of Section 702 upstream collection that have been made to the public and to Congress. Intelligence officials have repeatedly suggested that search terms used as part of this program have a high degree of specificity. They have also argued that the program is an example of targeted rather than bulk collection. ODNI General Counsel Robert Litt, in a March 2014 meeting before the Privacy and Civil Liberties Oversight Board, stated that “there is either a misconception or a mischaracterization commonly repeated that Section 702 is a form of bulk collection. It is not bulk collection. It is targeted collection based on selectors such as telephone numbers or email addresses where there’s reason to believe that the selector is relevant to a foreign intelligence purpose.” The collection of Internet traffic based on patterns associated with types of communications would be bulk collection; more akin to NSA’s collection of phone records en mass than it is to targeted collection focused on specific individuals. Moreover, this type of collection would certainly fall within the definition of bulk collection provided just last week by the National Academy of Sciences: “collection in which a significant portion of the retained data pertains to identifiers that are not targets at the time of collection.”
  • The Section 702 minimization procedures, which will serve as a template for any new retention guidelines established for E.O. 12333 collection, create a large loophole for encrypted communications. With everything from email to Internet browsing to real-time communications moving to encrypted formats, an ever-growing amount of Internet traffic will fall within this loophole.
  • Paul Merrell on 26 Jan 15
     
    Tucked into a budget authorization act in December without press notice. Section 309 (the Act is linked from the article) appears to be very broad authority for the NSA to intercept any form of telephone or other electronic information in bulk. There are far more exceptions from the five-year retention limitation than the encrypted information exception. When reading this, keep in mind that the U.S. intelligence community plays semantic games to obfuscate what it does. One of its word plays is that communications are not "collected" until an analyst looks at or listens to partiuclar data, even though the data will be searched to find information countless times before it becomes "collected." That searching was the major basis for a decision by the U.S. District Court in Washington, D.C. that bulk collection of telephone communications was unconstitutional: Under the Fourth Amendment, a "search" or "seizure" requiring a judicial warrant occurs no later than when the information is intercepted. That case is on appeal, has been briefed and argued, and a decision could come any time now. Similar cases are pending in two other courts of appeals. Also, an important definition from the new Intelligence Authorization Act: "(a) DEFINITIONS.-In this section: (1) COVERED COMMUNICATION.-The term ''covered communication'' means any nonpublic telephone or electronic communication acquired without the consent of a person who is a party to the communication, including communications in electronic storage."       
Paul Merrell

European Human Rights Court Deals a Heavy Blow to the Lawfulness of Bulk Surveillance |... - 0 views

www.justsecurity.org/...w-lawfulness-bulk-surveillance

surveillance state bulk-collection ECHR litigation

shared by Paul Merrell on 11 Dec 15 - No Cached
  • In a seminal decision updating and consolidating its previous jurisprudence on surveillance, the Grand Chamber of the European Court of Human Rights took a sideways swing at mass surveillance programs last week, reiterating the centrality of “reasonable suspicion” to the authorization process and the need to ensure interception warrants are targeted to an individual or premises. The decision in Zakharov v. Russia — coming on the heels of the European Court of Justice’s strongly-worded condemnation in Schrems of interception systems that provide States with “generalised access” to the content of communications — is another blow to governments across Europe and the United States that continue to argue for the legitimacy and lawfulness of bulk collection programs. It also provoked the ire of the Russian government, prompting an immediate legislative move to give the Russian constitution precedence over Strasbourg judgments. The Grand Chamber’s judgment in Zakharov is especially notable because its subject matter — the Russian SORM system of interception, which includes the installation of equipment on telecommunications networks that subsequently enables the State direct access to the communications transiting through those networks — is similar in many ways to the interception systems currently enjoying public and judicial scrutiny in the United States, France, and the United Kingdom. Zakharov also provides a timely opportunity to compare the differences between UK and Russian law: Namely, Russian law requires prior independent authorization of interception measures, whereas neither the proposed UK law nor the existing legislative framework do.
  • The decision is lengthy and comprises a useful restatement and harmonization of the Court’s approach to standing (which it calls “victim status”) in surveillance cases, which is markedly different from that taken by the US Supreme Court. (Indeed, Judge Dedov’s separate but concurring opinion notes the contrast with Clapper v. Amnesty International.) It also addresses at length issues of supervision and oversight, as well as the role played by notification in ensuring the effectiveness of remedies. (Marko Milanovic discusses many of these issues here.) For the purpose of the ongoing debate around the legitimacy of bulk surveillance regimes under international human rights law, however, three particular conclusions of the Court are critical.
  • The Court took issue with legislation permitting the interception of communications for broad national, military, or economic security purposes (as well as for “ecological security” in the Russian case), absent any indication of the particular circumstances under which an individual’s communications may be intercepted. It said that such broadly worded statutes confer an “almost unlimited degree of discretion in determining which events or acts constitute such a threat and whether that threat is serious enough to justify secret surveillance” (para. 248). Such discretion cannot be unbounded. It can be limited through the requirement for prior judicial authorization of interception measures (para. 249). Non-judicial authorities may also be competent to authorize interception, provided they are sufficiently independent from the executive (para. 258). What is important, the Court said, is that the entity authorizing interception must be “capable of verifying the existence of a reasonable suspicion against the person concerned, in particular, whether there are factual indications for suspecting that person of planning, committing or having committed criminal acts or other acts that may give rise to secret surveillance measures, such as, for example, acts endangering national security” (para. 260). This finding clearly constitutes a significant threshold which a number of existing and pending European surveillance laws would not meet. For example, the existence of individualized reasonable suspicion runs contrary to the premise of signals intelligence programs where communications are intercepted in bulk; by definition, those programs collect information without any consideration of individualized suspicion. Yet the Court was clearly articulating the principle with national security-driven surveillance in mind, and with the knowledge that interception of communications in Russia is conducted by Russian intelligence on behalf of law enforcement agencies.
  • ...6 more annotations...
  • This element of the Grand Chamber’s decision distinguishes it from prior jurisprudence of the Court, namely the decisions of the Third Section in Weber and Saravia v. Germany (2006) and of the Fourth Section in Liberty and Ors v. United Kingdom (2008). In both cases, the Court considered legislative frameworks which enable bulk interception of communications. (In the German case, the Court used the term “strategic monitoring,” while it referred to “more general programmes of surveillance” in Liberty.) In the latter case, the Fourth Section sought to depart from earlier European Commission of Human Rights — the court of first instance until 1998 — decisions which developed the requirements of the law in the context of surveillance measures targeted at specific individuals or addresses. It took note of the Weber decision which “was itself concerned with generalized ‘strategic monitoring’, rather than the monitoring of individuals” and concluded that there was no “ground to apply different principles concerning the accessibility and clarity of the rules governing the interception of individual communications, on the one hand, and more general programmes of surveillance, on the other” (para. 63). The Court in Liberty made no mention of any need for any prior or reasonable suspicion at all.
  • In Weber, reasonable suspicion was addressed only at the post-interception stage; that is, under the German system, bulk intercepted data could be transmitted from the German Federal Intelligence Service (BND) to law enforcement authorities without any prior suspicion. The Court found that the transmission of personal data without any specific prior suspicion, “in order to allow the institution of criminal proceedings against those being monitored” constituted a fairly serious interference with individuals’ privacy rights that could only be remedied by safeguards and protections limiting the extent to which such data could be used (para. 125). (In the context of that case, the Court found that Germany’s protections and restrictions were sufficient.) When you compare the language from these three cases, it would appear that the Grand Chamber in Zakharov is reasserting the requirement for individualized reasonable suspicion, including in national security cases, with full knowledge of the nature of surveillance considered by the Court in its two recent bulk interception cases.
  • The requirement of reasonable suspicion is bolstered by the Grand Chamber’s subsequent finding in Zakharov that the interception authorization (e.g., the court order or warrant) “must clearly identify a specific person to be placed under surveillance or a single set of premises as the premises in respect of which the authorisation is ordered. Such identification may be made by names, addresses, telephone numbers or other relevant information” (para. 264). In making this finding, it references paragraphs from Liberty describing the broad nature of the bulk interception warrants under British law. In that case, it was this description that led the Court to find the British legislation possessed insufficient clarity on the scope or manner of exercise of the State’s discretion to intercept communications. In one sense, therefore, the Grand Chamber seems to be retroactively annotating the Fourth Section’s Liberty decision so that it might become consistent with its decision in Zakharov. Without this revision, the Court would otherwise appear to depart to some extent — arguably, purposefully — from both Liberty and Weber.
  • Finally, the Grand Chamber took issue with the direct nature of the access enjoyed by Russian intelligence under the SORM system. The Court noted that this contributed to rendering oversight ineffective, despite the existence of a requirement for prior judicial authorization. Absent an obligation to demonstrate such prior authorization to the communications service provider, the likelihood that the system would be abused through “improper action by a dishonest, negligent or overly zealous official” was quite high (para. 270). Accordingly, “the requirement to show an interception authorisation to the communications service provider before obtaining access to a person’s communications is one of the important safeguards against abuse by the law-enforcement authorities” (para. 269). Again, this requirement arguably creates an unconquerable barrier for a number of modern bulk interception systems, which rely on the use of broad warrants to authorize the installation of, for example, fiber optic cable taps that facilitate the interception of all communications that cross those cables. In the United Kingdom, the Independent Reviewer of Terrorism Legislation David Anderson revealed in his essential inquiry into British surveillance in 2015, there are only 20 such warrants in existence at any time. Even if these 20 warrants are served on the relevant communications service providers upon the installation of cable taps, the nature of bulk interception deprives this of any genuine meaning, making the safeguard an empty one. Once a tap is installed for the purposes of bulk interception, the provider is cut out of the equation and can no longer play the role the Court found so crucial in Zakharov.
  • The Zakharov case not only levels a serious blow at bulk, untargeted surveillance regimes, it suggests the Grand Chamber’s intention to actively craft European Court of Human Rights jurisprudence in a manner that curtails such regimes. Any suggestion that the Grand Chamber’s decision was issued in ignorance of the technical capabilities or intentions of States and the continued preference for bulk interception systems should be dispelled; the oral argument in the case took place in September 2014, at a time when the Court had already indicated its intention to accord priority to cases arising out of the Snowden revelations. Indeed, the Court referenced such forthcoming cases in the fact sheet it issued after the Zakharov judgment was released. Any remaining doubt is eradicated through an inspection of the multiple references to the Snowden revelations in the judgment itself. In the main judgment, the Court excerpted text from the Director of the European Union Agency for Human Rights discussing Snowden, and in the separate opinion issued by Judge Dedov, he goes so far as to quote Edward Snowden: “With each court victory, with every change in the law, we demonstrate facts are more convincing than fear. As a society, we rediscover that the value of the right is not in what it hides, but in what it protects.”
  • The full implications of the Zakharov decision remain to be seen. However, it is likely we will not have to wait long to know whether the Grand Chamber intends to see the demise of bulk collection schemes; the three UK cases (Big Brother Watch & Ors v. United Kingdom, Bureau of Investigative Journalism & Alice Ross v. United Kingdom, and 10 Human Rights Organisations v. United Kingdom) pending before the Court have been fast-tracked, indicating the Court’s willingness to continue to confront the compliance of bulk collection schemes with human rights law. It is my hope that the approach in Zakharov hints at the Court’s conviction that bulk collection schemes lie beyond the bounds of permissible State surveillance.
Paul Merrell

NSA head: We need bulk collection | TheHill - 0 views

thehill.com/...a-head-we-need-bulk-collection

surveillance state NSA Rogers Congress bulk-collection

shared by Paul Merrell on 28 Sep 15 - No Cached
  • The head of the National Security Agency on Thursday told Senate lawmakers that preventing his agency from collecting Americans’ information in bulk would make it harder to do its job.Under questioning before the Senate Intelligence Committee, Adm. Michael Rogers agreed that ending bulk collection would “significantly reduce [his] operational capabilities.”ADVERTISEMENT“Right now, bulk collection gives us the ability ... to generate insights as to what’s going on,” Rogers told the committee.The NSA head also referenced a January report from the National Academy of Sciences that concluded there is “no software technique that will fully substitute for bulk collection” because of the ability to search through the storehouse of old information. “That independent, impartial, scientifically-founded body came back and said no, under the current structure there is no real replacement,” Rogers said.Rogers was questioned on Thursday by Sen. Ron Wyden (D-Ore.), a member of the Intelligence Committee who has become its most vocal privacy hawk.
  • In response to the NSA head’s comments, Wyden pointed to a 2013 White House review group, which found that one controversial NSA bulk collection program “was not essential to preventing attacks” and that the information obtained by the NSA “could readily have been obtained in a timely manner using” other means.The debate follows on a congressional clash earlier this year over the NSA’s bulk collection of records about the phone calls of millions of Americans. The records contained information about whom people called and when but not what they talked about.
  • After a brief lapsing of some portions of the Patriot Act, Congress eventually reined in the NSA by forcing it to go through the courts to search private phone companies’ records for a narrower set of records. Many privacy advocates treated the new law, called the USA Freedom Act, as a significant victory, through national security hawks worried that it would make it harder for the NSA to track terrorists.Under the new system — which has not gone into effect yet — the amount of time it takes to obtain those records “is probably going to be longer I suspect,” Rogers said.Though the phone records database has been the NSA’s most prominent bulk collection program, it is not the only one. The agency’s collection of vast amounts of Internet data has alarmed many privacy advocates and is the target of a current lawsuit from Wikipedia and the American Civil Liberties Union. 
Paul Merrell

Court asked to kill off NSA's 'zombie dragnet' of Americans' bulk phone data | US news ... - 0 views

www.theguardian.com/...-dragnet-bulk-phone-data-court

surveillance state NSA bulk bulk-collection telephone-metadata litigation 2nd-Circuit

shared by Paul Merrell on 16 Jul 15 - No Cached
  • The leading civil liberties group in the United States has requested a federal court to stop the National Security Agency from collecting Americans’ phone data in bulk through the end of the year.
  • While the surveillance dragnet was phased out by Congress and Barack Obama last month, an American Civil Liberties Union suit seeks to end a twilight, zombie period of the same US phone records collection, slated under the new law to last six months. “Today the government is continuing – after a brief suspension – to collect Americans’ call records in bulk on the purported authority of precisely the same statutory language this court has already concluded does not permit it,” the ACLU writes in a motion filed on Tuesday before the second circuit court of appeals.
  • The venue is significant. On 7 May, as Congress debated ending the domestic phone-records collection, the second circuit ruled the collection was illegal. Yet it did not order Obama’s administration to cease the bulk collection, writing that a preferable option would be to stay out of the unfolding legislative battle over the future scope of US surveillance. That debate ended on 2 June with the passage of the USA Freedom Act, which reinstated expired provisions of the Patriot Act that the government had since 2006 relied upon – erroneously, in the second circuit’s view – for the bulk collection. Yet it ended the NSA’s bulk US phone records collection and created a new mechanism for the NSA to gather “call data records” from telecoms pursuant to a court order.
  • ...1 more annotation...
  • Within hours of signing the bill, Obama requested that the secret surveillance panel known as the Fisa court reinstate the dragnet, relying on a provision permitting a six-month “transition” period. Judge Michael Mosman granted the request on 29 June. The ACLU, which was the plaintiff in the case the second circuit decided, has indicated since the Fisa court began considering resumption of the dragnet that it would seek an injunction. Its major contention in support of the requested injunction is that despite the Freedom Act’s provision for a transition period, the underlying law authorizing the bulk surveillance remains the same Patriot Act provisions that the second circuit held do not justify the NSA phone-records collection. “There is no sound reason to accord this language a different meaning now than the court accorded it in May. [The Patriot Act] did not authorize bulk collection in May, and it does not authorize it now,” reads the ACLU brief.
Paul Merrell

NSA program stopped no terror attacks, says White House panel member - Investigations - 0 views

investigations.nbcnews.com/...-says-white-house-panel-member

surveillance state NSA NSA-blowback Obama call-metadata

shared by Paul Merrell on 21 Dec 13 - No Cached
  • A member of the White House review panel on NSA surveillance said he was “absolutely” surprised when he discovered the agency’s lack of evidence that the bulk collection of telephone call records had thwarted any terrorist attacks.
  • “It was, ‘Huh, hello? What are we doing here?’” said Geoffrey Stone, a University of Chicago law professor, in an interview with NBC News. “The results were very thin.”While Stone said the mass collection of telephone call records was a “logical program” from the NSA’s perspective, one question the White House panel was seeking to answer was whether it had actually stopped “any [terror attacks] that might have been really big.” Advertise | AdChoices “We found none,” said Stone. Under the NSA program, first revealed by ex-contractor Edward Snowden, the agency collects in bulk the records of the time and duration of phone calls made by persons inside the United States.Stone was one of five members of the White House review panel – and the only one without any intelligence community experience – that this week produced a sweeping report recommending that the NSA’s collection of phone call records be terminated to protect Americans’ privacy rights.The panel made that recommendation after concluding that the program was “not essential in preventing attacks.”“That was stunning. That was the ballgame,” said one congressional intelligence official, who asked not to be publicly identified. “It flies in the face of everything that they have tossed at us.”
  • The conclusions of the panel’s reports were at direct odds with public statements by President Barack Obama and U.S. intelligence officials. “Lives have been saved,” Obama told reporters last June, referring to the bulk collection program and another program that intercepts communications overseas. “We know of at least 50 threats that have been averted because of this information.”
  • ...3 more annotations...
  • But in one little-noticed footnote in its report, the White House panel said the telephone records collection program – known as Section 215, based on the provision of the U.S. Patriot Act that provided the legal basis for it – had made “only a modest contribution to the nation’s security.” The report said that “there has been no instance in which NSA could say with confidence that the outcome [of a terror investigation] would have been any different” without the program. Advertise | AdChoices The panel’s findings echoed that of U.S. Judge Richard Leon, who in a ruling this week found the bulk collection program to be unconstitutional. Leon said that government officials were unable to cite “a single instance in which analysis of the NSA’s bulk collection metadata collection actually stopped an imminent attack, or otherwise aided the Government in achieving any objective that was time-sensitive in nature.” 
  • Stone declined to comment on the accuracy of public statements by U.S. intelligence officials about the telephone collection program, but said that when they referred to successes they seemed to be mixing the results of domestic metadata collection with the intelligence derived from the separate, and less controversial, NSA program, known as 702, to intercept communications overseas.The comparison between 702 overseas interceptions and 215 bulk metadata collection was “night and day,” said Stone. “With 702, the record is very impressive. It’s no doubt the nation is safer and spared potential attacks because of 702. There was nothing like that for 215. We asked the question and they [the NSA] gave us the data. They were very straight about it.”He also said one reason the telephone records program is not effective is because, contrary to the claims of critics, it actually does not collect a record of every American’s phone call. Although the NSA does collect metadata from major telecommunications carriers such as Verizon and AT&T, there are many smaller carriers from which it collects nothing. Asked if the NSA was collecting the records of 75 percent of phone calls, an estimate that has been used in briefings to Congress , Stone said the real number was classified but “not anything close to that” and far lower.
  • When panel members asked NSA officials why they didn’t expand the program to include smaller carriers, the answer they gave was “money,” Stone said. “They were setting financial priorities,” said Stone, and that was “really revealing” about how useful the bulk collection of telephone calls really was.An NSA spokeswoman declined to comment on any aspect of the panel’s report, saying the agency was deferring to the White House. Asked Wednesday about the surveillance panel’s conclusions about telephone record collection, White House press secretary Jay Carney said that “the president does still believe and knows that this program is an important piece of the overall efforts that we engage in to combat threats against the lives of American citizens and threats to our overall national security.”
  • Paul Merrell on 21 Dec 13
     
    Obama still believes "this program is an important piece of the overall efforts?" Whew! 
Paul Merrell

The Orwellian Re-Branding of "Mass Surveillance" as Merely "Bulk Collection" - The Inte... - 0 views

firstlook.org/...illance-merely-bulk-collection

surveillance state propaganda bulk-collection mass-surveillance

shared by Paul Merrell on 14 Mar 15 - No Cached
  • Just as the Bush administration and the U.S. media re-labelled “torture” with the Orwellian euphemism “enhanced interrogation techniques” to make it more palatable, the governments and media of the Five Eyes surveillance alliance are now attempting to re-brand “mass surveillance” as “bulk collection” in order to make it less menacing (and less illegal). In the past several weeks, this is the clearly coordinated theme that has arisen in the U.S., UK, Canada, Australia and New Zealand as the last defense against the Snowden revelations, as those governments seek to further enhance their surveillance and detention powers under the guise of terrorism.
  • This manipulative language distortion can be seen perfectly in yesterday’s white-washing report of GCHQ mass surveillance from the servile rubber-stamp calling itself “The Intelligence and Security Committee of the UK Parliament (ISC)”(see this great Guardian Editorial this morning on what a “slumbering” joke that “oversight” body is). As Committee Member MP Hazel Blears explained yesterday (photo above), the Parliamentary Committee officially invoked this euphemism to justify the collection of billions of electronic communications events every day. The Committee actually acknowledged for the first time (which Snowden documents long ago proved) that GCHQ maintains what it calls “Bulk Personal Datasets” that contain “millions of records,” and even said about pro-privacy witnesses who testified before it: “we recognise their concerns as to the intrusive nature of bulk collection.” That is the very definition of “mass surveillance,” yet the Committee simply re-labelled it “bulk collection,” purported to distinguish it from “mass surveillance,” and thus insist that it was all perfectly legal.
  • This re-definition game goes as follows: yes, we vacuum up and store literally as much of the internet as we possibly can. Then we analyze all the data about what you’re doing, with whom you’re speaking, and who your network of associates is. Based on that analysis of all of you and your activities, we then read the communications that we want (with virtually no checks and concealing from you what percentage of it we’re reading), and store as much of the rest of it as technology permits for future trolling. But don’t worry: we’re only reading the Bad People’s emails. So run along then: no mass surveillance here. Just bulk collection! It’s not mass surveillance, but “enhanced collection techniques.”  One of the many facts that made the re-defining of “torture” so corrupt and indisputably invalid was that there was long-standing law making clear that exactly these interrogation techniques used by the U.S. government were torture and thus illegal. The same is true of this obscene attempt to re-define “mass surveillance” as nothing more than mere innocent “bulk collection.”
  • ...2 more annotations...
  • As Caspar Bowden points out, EU law is crystal clear that exactly what these agencies are doing constitutes illegal mass surveillance. From the 2000 decision of the European Court of Human Rights in Amann v. Switzerland, which found a violation of the right to privacy guaranteed by Article 8 of the European Convention on Human Rights and rejected the defense from the government that no privacy violation occurs if the data is not reviewed or exploited: The Court reiterates that the storing of data relating to the “private life” of an individual falls within the application of Article 8 § 1  . . . . The Court reiterates that the storing by a public authority of information relating to an individual’s private life amounts to an interference within the meaning of Article 8. The subsequent use of the stored information has no bearing on that finding (emphasis added). A separate 2000 ruling found a violation of privacy rights even when the government is merely storing records regarding one’s activities undertaken in public (such as attending demonstrations), because “public information can fall within the scope of private life where it is systematically collected and stored in files held by the authorities.” That’s why an EU Parliamentary Inquiry into the Snowden revelations condemned NSA and GCHQ spying in the “strongest possible terms,” pointing out that it was classic “mass surveillance” and thus illegal. That’s the same rationale that led a U.S. federal court to conclude that mass metatdata collection was very likely an unconstitutional violation of the privacy rights in the Fourth Amendment.
  • By itself, common sense should prevent any of these governments from claiming that sweeping up, storing, and analyzing much of the internet – literally examining billions of communications activities every week of entire populations – is something other than “mass surveillance.” Yet this has now become the coordinated defense from the governments in the U.S., the UK, Canada, New Zealand and Australia. It’s nothing short of astonishing to watch them try to get away with this kind of propagnadistic sophistry. (In the wake of our reports with journalist Nicky Hager on GCSB, watch the leader of New Zealand’s Green Party interrogate the country’s flailing Prime Minister this week in Parliament about this completely artificial distinction). But – just as it was stunning to watch media outlets refuse to use the term “torture” because the U.S. Government demanded that it be called something else – this Orwellian switch in surveillance language is now predictably (and mindlessly) being adopted by those nations’ most state-loyal media outlets.
Paul Merrell

NSA phone surveillance program likely unconstitutional, federal judge rules | World new... - 0 views

www.theguardian.com/...-likely-unconstitutional-judge

surveillance state NSA call-metadata litigation 4th Amendment constitutional law NSA-blowback

shared by Paul Merrell on 17 Dec 13 - No Cached
  • A federal judge in Washington ruled on Monday that the bulk collection of Americans’ telephone records by the National Security Agency is likely to violate the US constitution, in the most significant legal setback for the agency since the publication of the first surveillance disclosures by the whistleblower Edward Snowden. Judge Richard Leon declared that the mass collection of metadata probably violates the fourth amendment, which prohibits unreasonable searches and seizures, and was "almost Orwellian" in its scope. In a judgment replete with literary swipes against the NSA, he said James Madison, the architect of the US constitution, would be "aghast" at the scope of the agency’s collection of Americans' communications data. The ruling, by the US district court for the District of Columbia, is a blow to the Obama administration, and sets up a legal battle that will drag on for months, almost certainly destined to end up in the supreme court. It was welcomed by campaigners pressing to rein in the NSA, and by Snowden, who issued a rare public statement saying it had vindicated his disclosures. It is also likely to influence other legal challenges to the NSA, currently working their way through federal courts.
  • In Monday’s ruling, the judge concluded that the pair's constitutional challenge was likely to be successful. In what was the only comfort to the NSA in a stinging judgment, Leon put the ruling on hold, pending an appeal by the government. Leon expressed doubt about the central rationale for the program cited by the NSA: that it is necessary for preventing terrorist attacks. “The government does not cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack,” he wrote.
  • Leon’s opinion contained stern and repeated warnings that he was inclined to rule that the metadata collection performed by the NSA – and defended vigorously by the NSA director Keith Alexander on CBS on Sunday night – was unconstitutional. “Plaintiffs have a substantial likelihood of showing that their privacy interests outweigh the government’s interest in collecting and analysing bulk telephony metadata and therefore the NSA’s bulk collection program is indeed an unreasonable search under the fourth amendment,” he wrote. Leon said that the mass collection of phone metadata, revealed by the Guardian in June, was "indiscriminatory" and "arbitrary" in its scope. "The almost-Orwellian technology that enables the government to store and analyze the phone metadata of every telephone user in the United States is unlike anything that could have been conceived in 1979," he wrote, referring to the year in which the US supreme court ruled on a fourth amendment case upon which the NSA now relies to justify the bulk records program.
  • ...5 more annotations...
  • In a statement, Snowden said the ruling justified his disclosures. “I acted on my belief that the NSA's mass surveillance programs would not withstand a constitutional challenge, and that the American public deserved a chance to see these issues determined by open courts," he said in comments released through Glenn Greenwald, the former Guardian journalist who received leaked documents from Snowden. "Today, a secret program authorised by a secret court was, when exposed to the light of day, found to violate Americans’ rights. It is the first of many.”
  • In his ruling, Judge Leon expressly rejected the government’s claim that the 1979 supreme court case, Smith v Maryland, which the NSA and the Obama administration often cite to argue that there is no reasonable expectation of privacy over metadata, applies in the NSA’s bulk-metadata collection. The mass surveillance program differs so much from the one-time request dealt with by the 1979 case that it was of “little value” in assessing whether the metadata dragnet constitutes a fourth amendment search.
  • In a decision likely to influence other federal courts hearing similar arguments from the ACLU, Leon wrote that the Guardian’s disclosure of the NSA’s bulk telephone records collection means that citizens now have standing to challenge it in court, since they can demonstrate for the first time that the government is collecting their phone data.
  • Leon also struck a blow for judicial review of government surveillance practices even when Congress explicitly restricts the ability of citizens to sue for relief. “While Congress has great latitude to create statutory schemes like Fisa,” he wrote, referring to the seminal 1978 surveillance law, “it may not hang a cloak of secrecy over the constitution.”
  • In his ruling on Monday, Judge Leon predicted the process would take six months. He urged the government to take that time to prepare for an eventual defeat. “I fully expect that during the appellate process, which will consume at least the next six months, the government will take whatever steps necessary to prepare itself to comply with this order when, and if, it is upheld,” wrote Leon in his opinion. “Suffice it to say, requesting further time to comply with this order months from now will not be well received and could result in collateral sanctions.”
  • Paul Merrell on 17 Dec 13
     
    This is the case I thought was the weakest because of poor drafting in the complaint. The judge noted those issues in dismissing the plaintiffs' claims under the Administrative Procedures Act, but picked his way through what remained to find sufficient allegations to support the 4th Amendment challenge. Because he ruled for the plaintiffs on the 4th Amendment count, the judge did not reach the plaintiffs' arguments under the First and Fifth Amendments. This case is about cellphone call metadata, which the FISA Court has been ordering cell phone companies to provide every day, with the orders updated every 90 days. The judge's 68-page opinion is at https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2013cv0881-40 (cleaner copy than the Guardian's, which was apparently faxed). Notably, the judge, Richard Leon, is a Bush II appointee and one of the plaintiffs is a prominent conservative civil libertarian lawyer. The other plaintiff is the father of an NSA cryptologist who worked closely with SEAL Team 6 and was killed along with members of that team when their helicopter crashed in Afghanistan. I'll add some more in a comment. But digital privacy is not yet dead.
  • Paul Merrell on 17 Dec 13
     
    Unfortunately, DRM is not dead yet either and the court's PDF file is locked. No easy copying of its content. If you want to jump directly to the discussion of 4th Amendment issues, go to page 35. That way, you can skip past all the dreary discussion of the Administrative Procedures Act claim and you won't miss much that's memorable. In ruling on the plaintiffs' standing to raise the 4th Amendment claim, Judge Leon postulated two possible search issues: [i] the bulk daily collection of metadata and its retention in the database for five years; and [ii] the analysis of that data through the NSA's querying process. The judge had no difficulty with the first issue; it definitely qualifies as a search. But the judge rejected the plaintiffs' argument on the second type (which was lame), demonstrating that at least one federal judge understands how computers work. The government's filings indicated that a "seed" telephone number or other identifier is used as the query string. Judge Leon figured out for himself from this fact that the NSA of necessity had to compare that number or identifier to every number or identifier in its database looking for a match. The judge concluded that the plaintiffs' metadata --- indeed everyone's metadata --- had to be searched for comparison purposes *every* time the NSA analysts ran any query against the database. See his incisive discussion at pp. 39-41. So having established that two searches were involved, one every time the NSA queried the database, the judge moved on to the next question, whether "the plaintiffs had a reasonable expectation of privacy that is violated when the Government indiscriminately collects their telephony metadata along with the metadata of hundreds of millions of other citizens without any particularized suspicion of wrongdoing, retains that metadata for five years, and then queries, analyzes, and investigates that data without prior judicial approval of the investigative targets." pg. 43. More later
Paul Merrell

Wyden, Udall Statement on the Disclosure of Bulk Email Records Collection Program | Pre... - 0 views

www.wyden.senate.gov/...ail-records-collection-program

surveillance state NSA NSA-blowback efficacy email Udall Wyden

shared by Paul Merrell on 04 Jul 13 - No Cached
  • U. S. Senators Ron Wyden (D-Ore.) and Mark Udall (D-Colo.), both members of the Senate Intelligence Committee, released the following statement regarding the recent disclosure by intelligence officials that the NSA operated a bulk email records collection program under the authority of the Patriot Act until 2011.  This program is distinct from the internet-related collection carried out under section 702 of the FISA Amendments Act (which involves the PRISM computer system).   “We are quite familiar with the bulk email records collection program that operated under the USA Patriot Act and has now been confirmed by senior intelligence officials.  We were very concerned about this program’s impact on Americans’ civil liberties and privacy rights, and we spent a significant portion of 2011 pressing intelligence officials to provide evidence of its effectiveness.  They were unable to do so, and the program was shut down that year.  
  • “As we have noted, the Patriot Act’s surveillance authorities are not limited to phone records.  In fact, section 215 of the Patriot Act can be used to collect any type of records whatsoever.  The fact that Patriot Act authorities were used for the bulk collection of email records as well as phone records underscores our concern that this authority could be used to collect other types of records in bulk as well, including information on credit card purchases, medical records, library records, firearm sales records, financial information and a range of other sensitive subjects.  These other types of collection could clearly have a significant impact on Americans’ constitutional rights.   “Intelligence officials have noted that the bulk email records program was discussed with both Congress and the Foreign Intelligence Surveillance Court.  In our judgment it is also important to note that intelligence agencies made statements to both Congress and the Court that significantly exaggerated this program’s effectiveness.  This experience demonstrates to us that intelligence agencies’ assessments of the usefulness of particular collection programs – even significant ones – are not always accurate.  This experience has also led us to be skeptical of claims about the value of the bulk phone records collection program in particular.  
  • “We believe that the broader lesson here is that even though intelligence officials may be well-intentioned, assertions from intelligence agencies about the value and effectiveness of particular programs should not simply be accepted at face value by policymakers or oversight bodies any more than statements about the usefulness of other government programs should be taken at face value when they are made by other government officials.  It is up to Congress, the courts and the public to ask the tough questions and press even experienced intelligence officials to back their assertions up with actual evidence, rather than simply deferring to these officials’ conclusions without challenging them.   “We look forward to continuing the debate about the effectiveness of the ongoing Patriot Act phone records collection program in the days and weeks ahead.”
Paul Merrell

With court approval, NSA resumes bulk collection of phone data - The Washington Post - 0 views

www.washingtonpost.com/...5-bf41-c23f5d3face1_story.html

surveillance state NSA phone-metadata bulk-collection resumption

shared by Paul Merrell on 01 Jul 15 - No Cached
  • The National Security Agency on Tuesday restarted its bulk collection of Americans’ phone records for a temporary period, following a federal court ruling this week that gave it the green light, U.S. officials said. The Foreign Intelligence Surveillance Court on Monday ruled that the NSA could resume gathering millions of Americans’ phone metadata — call times, dates and durations — to scan for links to foreign terrorists. [Here’s the court’s opinion] But the resumption is good for only 180 days — or until Nov. 29, in compliance with the USA Freedom Act. That law, which President Obama signed June 2 after a contentious congressional debate, will end the government’s bulk collection of metadata. It provided, however, for a transition period to allow the NSA time to set up an alternative system in which the data is stored by the phone companies.
  • After the law took effect, the government immediately applied to the surveillance court to restart its collection. Because Congress passed the bill a day after the underlying statute authorizing the NSA program had expired, there was a question as to whether lawmakers had authorized the government’s temporary harvesting of phone records. “In passing the USA Freedom Act, Congress clearly intended to end bulk data collection of business records and other tangible things,” Judge Michael W. Mosman wrote in his opinion. “But what it took away with one hand, it gave back — for a limited time — with the other. . . . It chose to allow a 180-day transitional period during which such [bulk] collection could continue.”
  • Sen. Ron Wyden (D-Ore.) said he saw no reason to resume collection, even on a temporary basis. “This illegal dragnet surveillance violated Americans’ rights for 14 years without making our country any safer,” he said. Mosman also ruled that FreedomWorks, a grass-roots libertarian organization, and its attorney, Ken Cuccinelli II, could submit “friend of the court” briefs that argue against the lawfulness of the metadata program. In May, a federal appeals court in New York held that the program was unlawful. The U.S. Court of Appeals for the 2nd Circuit ruled that the program stretched the meaning of the statute — Section 215 of the USA Patriot Act — to enable data collection in “staggering” volumes in the chance that “at some future point” there might be a need to search for terrorist links.
Paul Merrell

Canadian Spies Collect Domestic Emails in Secret Security Sweep - The Intercept - 0 views

firstlook.org/...ony-express-email-surveillance

surveillance state Canada CSE bulk-collection email

shared by Paul Merrell on 27 Feb 15 - No Cached
  • Canada’s electronic surveillance agency is covertly monitoring vast amounts of Canadians’ emails as part of a sweeping domestic cybersecurity operation, according to top-secret documents. The surveillance initiative, revealed Wednesday by CBC News in collaboration with The Intercept, is sifting through millions of emails sent to Canadian government agencies and departments, archiving details about them on a database for months or even years. The data mining operation is carried out by the Communications Security Establishment, or CSE, Canada’s equivalent of the National Security Agency. Its existence is disclosed in documents obtained by The Intercept from NSA whistleblower Edward Snowden. The emails are vacuumed up by the Canadian agency as part of its mandate to defend against hacking attacks and malware targeting government computers. It relies on a system codenamed PONY EXPRESS to analyze the messages in a bid to detect potential cyber threats.
  • Last year, CSE acknowledged it collected some private communications as part of cybersecurity efforts. But it refused to divulge the number of communications being stored or to explain for how long any intercepted messages would be retained. Now, the Snowden documents shine a light for the first time on the huge scope of the operation — exposing the controversial details the government withheld from the public. Under Canada’s criminal code, CSE is not allowed to eavesdrop on Canadians’ communications. But the agency can be granted special ministerial exemptions if its efforts are linked to protecting government infrastructure — a loophole that the Snowden documents show is being used to monitor the emails. The latest revelations will trigger concerns about how Canadians’ private correspondence with government employees are being archived by the spy agency and potentially shared with police or allied surveillance agencies overseas, such as the NSA. Members of the public routinely communicate with government employees when, for instance, filing tax returns, writing a letter to a member of parliament, applying for employment insurance benefits or submitting a passport application.
  • Chris Parsons, an internet security expert with the Toronto-based internet think tank Citizen Lab, told CBC News that “you should be able to communicate with your government without the fear that what you say … could come back to haunt you in unexpected ways.” Parsons said that there are legitimate cybersecurity purposes for the agency to keep tabs on communications with the government, but he added: “When we collect huge volumes, it’s not just used to track bad guys. It goes into data stores for years or months at a time and then it can be used at any point in the future.” In a top-secret CSE document on the security operation, dated from 2010, the agency says it “processes 400,000 emails per day” and admits that it is suffering from “information overload” because it is scooping up “too much data.” The document outlines how CSE built a system to handle a massive 400 terabytes of data from Internet networks each month — including Canadians’ emails — as part of the cyber operation. (A single terabyte of data can hold about a billion pages of text, or about 250,000 average-sized mp3 files.)
  • ...1 more annotation...
  • The agency notes in the document that it is storing large amounts of “passively tapped network traffic” for “days to months,” encompassing the contents of emails, attachments and other online activity. It adds that it stores some kinds of metadata — data showing who has contacted whom and when, but not the content of the message — for “months to years.” The document says that CSE has “excellent access to full take data” as part of its cyber operations and is receiving policy support on “use of intercepted private communications.” The term “full take” is surveillance-agency jargon that refers to the bulk collection of both content and metadata from Internet traffic. Another top-secret document on the surveillance dated from 2010 suggests the agency may be obtaining at least some of the data by covertly mining it directly from Canadian Internet cables. CSE notes in the document that it is “processing emails off the wire.”
  • Paul Merrell on 27 Feb 15
     
    " CANADIAN SPIES COLLECT DOMESTIC EMAILS IN SECRET SECURITY SWEEP BY RYAN GALLAGHER AND GLENN GREENWALD @rj_gallagher@ggreenwald YESTERDAY AT 2:02 AM SHARE TWITTER FACEBOOK GOOGLE EMAIL PRINT POPULAR EXCLUSIVE: TSA ISSUES SECRET WARNING ON 'CATASTROPHIC' THREAT TO AVIATION CHICAGO'S "BLACK SITE" DETAINEES SPEAK OUT WHY DOES THE FBI HAVE TO MANUFACTURE ITS OWN PLOTS IF TERRORISM AND ISIS ARE SUCH GRAVE THREATS? NET NEUTRALITY IS HERE - THANKS TO AN UNPRECEDENTED GUERRILLA ACTIVISM CAMPAIGN HOW SPIES STOLE THE KEYS TO THE ENCRYPTION CASTLE Canada's electronic surveillance agency is covertly monitoring vast amounts of Canadians' emails as part of a sweeping domestic cybersecurity operation, according to top-secret documents. The surveillance initiative, revealed Wednesday by CBC News in collaboration with The Intercept, is sifting through millions of emails sent to Canadian government agencies and departments, archiving details about them on a database for months or even years. The data mining operation is carried out by the Communications Security Establishment, or CSE, Canada's equivalent of the National Security Agency. Its existence is disclosed in documents obtained by The Intercept from NSA whistleblower Edward Snowden. The emails are vacuumed up by the Canadian agency as part of its mandate to defend against hacking attacks and malware targeting government computers. It relies on a system codenamed PONY EXPRESS to analyze the messages in a bid to detect potential cyber threats. Last year, CSE acknowledged it collected some private communications as part of cybersecurity efforts. But it refused to divulge the number of communications being stored or to explain for how long any intercepted messages would be retained. Now, the Snowden documents shine a light for the first time on the huge scope of the operation - exposing the controversial details the government withheld from the public. Under Canada's criminal code, CSE is no
Paul Merrell

Bulk Collection Under Section 215 Has Ended… What's Next? | Just Security - 0 views

www.justsecurity.org/...lk-collection-ended-whats-next

surveillance state NSA-reform 215 bulk-collection EO-12333

shared by Paul Merrell on 01 Dec 15 - No Cached
  • The first (and thus far only) roll-back of post-9/11 surveillance authorities was implemented over the weekend: The National Security Agency shuttered its program for collecting and holding the metadata of Americans’ phone calls under Section 215 of the Patriot Act. While bulk collection under Section 215 has ended, the government can obtain access to this information under the procedures specified in the USA Freedom Act. Indeed, some experts have argued that the Agency likely has access to more metadata because its earlier dragnet didn’t cover cell phones or Internet calling. In addition, the metadata of calls made by an individual in the United States to someone overseas and vice versa can still be collected in bulk — this takes place abroad under Executive Order 12333. No doubt the NSA wishes that this was the end of the surveillance reform story and the Paris attacks initially gave them an opening. John Brennan, the Director of the CIA, implied that the attacks were somehow related to “hand wringing” about spying and Sen. Tom Cotton (R-Ark.) introduced a bill to delay the shut down of the 215 program. Opponents of encryption were quick to say: “I told you so.”
  • But the facts that have emerged thus far tell a different story. It appears that much of the planning took place IRL (that’s “in real life” for those of you who don’t have teenagers). The attackers, several of whom were on law enforcement’s radar, communicated openly over the Internet. If France ever has a 9/11 Commission-type inquiry, it could well conclude that the Paris attacks were a failure of the intelligence agencies rather than a failure of intelligence authorities. Despite the passage of the USA Freedom Act, US surveillance authorities have remained largely intact. Section 702 of the FISA Amendments Act — which is the basis of programs like PRISM and the NSA’s Upstream collection of information from Internet cables — sunsets in the summer of 2017. While it’s difficult to predict the political environment that far out, meaningful reform of Section 702 faces significant obstacles. Unlike the Section 215 program, which was clearly aimed at Americans, Section 702 is supposedly targeted at foreigners and only picks up information about Americans “incidentally.” The NSA has refused to provide an estimate of how many Americans’ information it collects under Section 702, despite repeated requests from lawmakers and most recently a large cohort of advocates. The Section 215 program was held illegal by two federal courts (here and here), but civil attempts to challenge Section 702 have run into standing barriers. Finally, while two review panels concluded that the Section 215 program provided little counterterrorism benefit (here and here), they found that the Section 702 program had been useful.
  • There is, nonetheless, some pressure to narrow the reach of Section 702. The recent decision by the European Court of Justice in the safe harbor case suggests that data flows between Europe and the US may be restricted unless the PRISM program is modified to protect the information of Europeans (see here, here, and here for discussion of the decision and reform options). Pressure from Internet companies whose business is suffering — estimates run to the tune of $35 to 180 billion — as a result of disclosures about NSA spying may also nudge lawmakers towards reform. One of the courts currently considering criminal cases which rely on evidence derived from Section 702 surveillance may hold the program unconstitutional either on the basis of the Fourth Amendment or Article III for the reasons set out in this Brennan Center report. A federal district court in Colorado recently rejected such a challenge, although as explained in Steve’s post, the decision did not seriously explore the issues. Further litigation in the European courts too could have an impact on the debate.
  • ...2 more annotations...
  • The US intelligence community’s broadest surveillance authorities are enshrined in Executive Order 12333, which primarily covers the interception of electronic communications overseas. The Order authorizes the collection, retention, and dissemination of “foreign intelligence” information, which includes information “relating to the capabilities, intentions or activities of foreign powers, organizations or persons.” In other words, so long as they are operating outside the US, intelligence agencies are authorized to collect information about any foreign person — and, of course, any Americans with whom they communicate. The NSA has conceded that EO 12333 is the basis of most of its surveillance. While public information about these programs is limited, a few highlights give a sense of the breadth of EO 12333 operations: The NSA gathers information about every cell phone call made to, from, and within the Bahamas, Mexico, Kenya, the Philippines, and Afghanistan, and possibly other countries. A joint US-UK program tapped into the cables connecting internal Yahoo and Google networks to gather e-mail address books and contact lists from their customers. Another US-UK collaboration collected images from video chats among Yahoo users and possibly other webcam services. The NSA collects both the content and metadata of hundreds of millions of text messages from around the world. By tapping into the cables that connect global networks, the NSA has created a database of the location of hundreds of millions of mobile phones outside the US.
  • Given its scope, EO 12333 is clearly critical to those seeking serious surveillance reform. The path to reform is, however, less clear. There is no sunset provision that requires action by Congress and creates an opportunity for exposing privacy risks. Even in the unlikely event that Congress was inclined to intervene, it would have to address questions about the extent of its constitutional authority to regulate overseas surveillance. To the best of my knowledge, there is no litigation challenging EO 12333 and the government doesn’t give notice to criminal defendants when it uses evidence derived from surveillance under the order, so the likelihood of a court ruling is slim. The Privacy and Civil Liberties Oversight Board is currently reviewing two programs under EO 12333, but it is anticipated that much of its report will be classified (although it has promised a less detailed unclassified version as well). While the short-term outlook for additional surveillance reform is challenging, from a longer-term perspective, the distinctions that our law makes between Americans and non-Americans and between domestic and foreign collection cannot stand indefinitely. If the Fourth Amendment is to meaningfully protect Americans’ privacy, the courts and Congress must come to grips with this reality.
Paul Merrell

Obama to Call for End to N.S.A.'s Bulk Data Collection - NYTimes.com - 0 views

www.nytimes.com/...eek-nsa-curb-on-call-data.html

surveillance state NSA call-metadata NSA-reform Obama legislation

shared by Paul Merrell on 26 Mar 14 - No Cached
  • The Obama administration is preparing to unveil a legislative proposal for a far-reaching overhaul of the National Security Agency’s once-secret bulk phone records program in a way that — if approved by Congress — would end the aspect that has most alarmed privacy advocates since its existence was leaked last year, according to senior administration officials.Under the proposal, they said, the N.S.A. would end its systematic collection of data about Americans’ calling habits. The bulk records would stay in the hands of phone companies, which would not be required to retain the data for any longer than they normally would. And the N.S.A. could obtain specific records only with permission from a judge, using a new kind of court order. In a speech in January, President Obama said he wanted to get the N.S.A. out of the business of collecting call records in bulk while preserving the program’s abilities. He acknowledged, however, that there was no easy way to do so, and had instructed Justice Department and intelligence officials to come up with a plan by March 28 — Friday — when the current court order authorizing the program expires.
  • As part of the proposal, the administration has decided to ask the Foreign Intelligence Surveillance Court to renew the program as it exists for at least one more 90-day cycle, senior administration officials said. But under the plan the administration has developed and now advocates, the officials said, it would later undergo major changes. The new type of surveillance court orders envisioned by the administration would require phone companies to swiftly provide records in a technologically compatible data format, including making available, on a continuing basis, data about any new calls placed or received after the order is received, the officials said. They would also allow the government to swiftly seek related records for callers up to two phone calls, or “hops,” removed from the number that has come under suspicion, even if those callers are customers of other companies.
  • The N.S.A. now retains the phone data for five years. But the administration considered and rejected imposing a mandate on phone companies that they hold on to their customers’ calling records for a period longer than the 18 months that federal regulations already generally require — a burden that the companies had resisted shouldering and that was seen as a major obstacle to keeping the data in their hands. A senior administration official said that intelligence agencies had concluded that the operational impact of that change would be small because older data is less important.The N.S.A. uses the once-secret call records program — sometimes known as the 215 program, after Section 215 of the Patriot Act — to analyze links between callers in an effort to identify hidden terrorist associates, if they exist. It was part of the secret surveillance program that President George W. Bush unilaterally put in place after the terrorist attacks of Sept. 11, 2001, outside of any legal framework or court oversight.
  • ...4 more annotations...
  • Marc Rotenberg, the executive director of the Electronic Privacy Information Center, called the administration’s proposal a “sensible outcome, given that the 215 program likely exceeded current legal authority and has not proved to be effective.” While he said that he would like to see more overhauls to other surveillance authorities, he said the proposal was “significant” and addressed the major concerns with the N.S.A.’s bulk records program. Jameel Jaffer of the American Civil Liberties Union said, “We have many questions about the details, but we agree with the administration that the N.S.A.’s bulk collection of call records should end.” He added, “As we’ve argued since the program was disclosed, the government can track suspected terrorists without placing millions of people under permanent surveillance.”
  • In recent days, attention in Congress has shifted to legislation developed by leaders of the House Intelligence Committee. That bill, according to people familiar with a draft proposal, would have the court issue an overarching order authorizing the program, but allow the N.S.A. to issue subpoenas for specific phone records without prior judicial approval.
  • The Obama administration proposal, by contrast, would retain a judicial role in determining whether the standard of suspicion was met for a particular phone number before the N.S.A. could obtain associated records.The administration’s proposal would also include a provision clarifying whether Section 215 of the Patriot Act, due to expire next year unless Congress reauthorizes it, may in the future be legitimately interpreted as allowing bulk data collection of telephone data.The proposal would not, however, affect other forms of bulk collection under the same provision. The C.I.A., for example, has obtained orders for bulk collection of records about international money transfers handled by companies like Western Union.
  • The government has been unable to point to any thwarted terrorist attacks that would have been carried out if the program had not existed, but has argued that it is a useful tool.
  • Paul Merrell on 26 Mar 14
     
    "The N.S.A. uses the once-secret call records program ... to analyze links between callers in an effort to identify hidden terrorist associates, if they exist." Correction: "The N.S.A. *claims* to use the ..." 
Paul Merrell

US v. Comprehensive Drug Testing, Inc., 621 F. 3d 1162 - Court of Appeals, 9th Circuit ... - 0 views

scholar.google.com/scholar_case

surveillance-state 4th Amendment bulk-collection future-investigations

shared by Paul Merrell on 05 Dec 14 - No Cached
  • Concluding Thoughts
  • This case well illustrates both the challenges faced by modern law enforcement in retrieving information it needs to pursue and prosecute wrongdoers, and the threat to the privacy of innocent parties from a vigorous criminal investigation. At the time of Tamura, most individuals and enterprises kept records in their file cabinets or similar physical facilities. Today, the same kind of data is usually stored electronically, often far from the premises. Electronic storage facilities intermingle data, making them difficult to retrieve without a thorough understanding of the filing and classification systems used—something that can often only be determined by closely analyzing the data in a controlled environment. Tamura involved a few dozen boxes and was considered a broad seizure; but even inexpensive electronic storage media today can store the equivalent of millions of pages of information. 1176*1176 Wrongdoers and their collaborators have obvious incentives to make data difficult to find, but parties involved in lawful activities may also encrypt or compress data for entirely legitimate reasons: protection of privacy, preservation of privileged communications, warding off industrial espionage or preventing general mischief such as identity theft. Law enforcement today thus has a far more difficult, exacting and sensitive task in pursuing evidence of criminal activities than even in the relatively recent past. The legitimate need to scoop up large quantities of data, and sift through it carefully for concealed or disguised pieces of evidence, is one we've often recognized. See, e.g., United States v. Hill, 459 F.3d 966 (9th Cir.2006).
  • This pressing need of law enforcement for broad authorization to examine electronic records, so persuasively demonstrated in the introduction to the original warrant in this case, see pp. 1167-68 supra, creates a serious risk that every warrant for electronic information will become, in effect, a general warrant, rendering the Fourth Amendment irrelevant. The problem can be stated very simply: There is no way to be sure exactly what an electronic file contains without somehow examining its contents—either by opening it and looking, using specialized forensic software, keyword searching or some other such technique. But electronic files are generally found on media that also contain thousands or millions of other files among which the sought-after data may be stored or concealed. By necessity, government efforts to locate particular files will require examining a great many other files to exclude the possibility that the sought-after data are concealed there. Once a file is examined, however, the government may claim (as it did in this case) that its contents are in plain view and, if incriminating, the government can keep it. Authorization to search some computer files therefore automatically becomes authorization to search all files in the same sub-directory, and all files in an enveloping directory, a neighboring hard drive, a nearby computer or nearby storage media. Where computers are not near each other, but are connected electronically, the original search might justify examining files in computers many miles away, on a theory that incriminating electronic data could have been shuttled and concealed there.
  • ...3 more annotations...
  • The advent of fast, cheap networking has made it possible to store information at remote third-party locations, where it is intermingled with that of other users. For example, many people no longer keep their email primarily on their personal computer, and instead use a web-based email provider, which stores their messages along with billions of messages from and to millions of other people. Similar services exist for photographs, slide shows, computer code and many other types of data. As a result, people now have personal data that are stored with that of innumerable strangers. Seizure of, for example, Google's email servers to look for a few incriminating messages could jeopardize the privacy of millions. It's no answer to suggest, as did the majority of the three-judge panel, that people can avoid these hazards by not storing their data electronically. To begin with, the choice about how information is stored is often made by someone other than the individuals whose privacy would be invaded by the search. Most people have no idea whether their doctor, lawyer or accountant maintains records in paper or electronic format, whether they are stored on the premises or on a server farm in Rancho Cucamonga, whether they are commingled with those of many other professionals 1177*1177 or kept entirely separate. Here, for example, the Tracey Directory contained a huge number of drug testing records, not only of the ten players for whom the government had probable cause but hundreds of other professional baseball players, thirteen other sports organizations, three unrelated sporting competitions, and a non-sports business entity—thousands of files in all, reflecting the test results of an unknown number of people, most having no relationship to professional baseball except that they had the bad luck of having their test results stored on the same computer as the baseball players.
  • Second, there are very important benefits to storing data electronically. Being able to back up the data and avoid the loss by fire, flood or earthquake is one of them. Ease of access from remote locations while traveling is another. The ability to swiftly share the data among professionals, such as sending MRIs for examination by a cancer specialist half-way around the world, can mean the difference between death and a full recovery. Electronic storage and transmission of data is no longer a peculiarity or a luxury of the very rich; it's a way of life. Government intrusions into large private databases thus have the potential to expose exceedingly sensitive information about countless individuals not implicated in any criminal activity, who might not even know that the information about them has been seized and thus can do nothing to protect their privacy. It is not surprising, then, that all three of the district judges below were severely troubled by the government's conduct in this case. Judge Mahan, for example, asked "what ever happened to the Fourth Amendment? Was it ... repealed somehow?" Judge Cooper referred to "the image of quickly and skillfully moving the cup so no one can find the pea." And Judge Illston regarded the government's tactics as "unreasonable" and found that they constituted "harassment." Judge Thomas, too, in his panel dissent, expressed frustration with the government's conduct and position, calling it a "breathtaking expansion of the `plain view' doctrine, which clearly has no application to intermingled private electronic data." Comprehensive Drug Testing, 513 F.3d at 1117.
  • Everyone's interests are best served if there are clear rules to follow that strike a fair balance between the legitimate needs of law enforcement and the right of individuals and enterprises to the privacy that is at the heart of the Fourth Amendment. Tamura has provided a workable framework for almost three decades, and might well have sufficed in this case had its teachings been followed. We have updated Tamura to apply to the daunting realities of electronic searches. We recognize the reality that over-seizing is an inherent part of the electronic search process and proceed on the assumption that, when it comes to the seizure of electronic records, this will be far more common than in the days of paper records. This calls for greater vigilance on the part of judicial officers in striking the right balance between the government's interest in law enforcement and the right of individuals to be free from unreasonable searches and seizures. The process of segregating electronic data that is seizable from that which is not must not become a vehicle for the government to gain access to data which it has no probable cause to collect.
  • Paul Merrell on 05 Dec 14
     
    From a Ninth U.S. Circuit Court of Appeals en banc ruling in 2010. The Court's holding was that federal investigators had vastly overstepped the boundaries of multiple subpoenas and a search warrant --- and the Fourth Amendment --- by seizing records of a testing laboratory and reviewing them for information not described in the warrant or the subpoenas. At issue in this particular case was the government's use of a warrant that found probable cause to believe that the records contained evidence that steroids had been found in the urine of ten major league baseball players but searched the seized records for urine tests of other baseball players. The Court upheld the lower courts' rulings that the government was required to return all records other than those relevant to the ten players identified in the warrant. (The government had instead used the records of other player's urine tests to issue subpoenas for evidence relevant to those players potential use of steroids.) This decision cuts very heavily against the notion that the Fourth Amendment allows the bulk collection of private information about millions of Americans with or without a warrantor court order on the theory that some of the records *may* later become relevant to a lawful investigation.   Or rephrased, here is the en banc decision of the largest federal court of appeals (as many judges as most other federal appellate courts combined), in direct disagreement with the FISA Court orders allowing bulk collection of telephone records and bulk "incidental" collection of Americans' telephone conversations on the theory that the records *might* become relevant to national security investigations. Yet none of the FISA judges in any of the FISA opinions published thus far even cited, let alone distinguished, this Ninth Circuit en banc decision. Which says a lot of the quality of the legal research performed by the FISA Court judges. However, this precedent is front and center in briefs filed with the Ni
Paul Merrell

File Says N.S.A. Found Way to Replace Email Program - The New York Times - 0 views

www.nytimes.com/...d-after-nsa-program-ended.html

surveillance state NSA email-surveilllance lies

shared by Paul Merrell on 20 Nov 15 - No Cached
  • When the National Security Agency’s bulk collection of records about Americans’ emails came to light in 2013, the government conceded the program’s existence but said it had shut down the effort in December 2011 for “operational and resource reasons.” While that particular secret program stopped, newly disclosed documents show that the N.S.A. had found a way to create a functional equivalent. The shift has permitted the agency to continue analyzing social links revealed by Americans’ email patterns, but without collecting the data in bulk from American telecommunications companies — and with less oversight by the Foreign Intelligence Surveillance Court.
  • The disclosure comes as a sister program that collects Americans’ phone records in bulk is set to end this month. Under a law enacted in June, known as the U.S.A. Freedom Act, the program will be replaced with a system in which the N.S.A. can still gain access to the data to hunt for associates of terrorism suspects, but the bulk logs will stay in the hands of phone companies.The newly disclosed information about the email records program is contained in a report by the N.S.A.’s inspector general that was obtained by The New York Times through a lawsuit under the Freedom of Information Act. One passage lists four reasons that the N.S.A. decided to end the email program and purge previously collected data. Three were redacted, but the fourth was uncensored. It said that “other authorities can satisfy certain foreign intelligence requirements” that the bulk email records program “had been designed to meet.”The report explained that there were two other legal ways to get such data. One was the collection of bulk data that had been gathered in other countries, where the N.S.A.’s activities are largely not subject to regulation by the Foreign Intelligence Surveillance Act and oversight by the intelligence court. Because of the way the Internet operates, domestic data is often found on fiber optic cables abroad.
  • The N.S.A. had long barred analysts from using Americans’ data that had been swept up abroad, but in November 2010 it changed that rule, documents leaked by Edward J. Snowden have shown. The inspector general report cited that change to the N.S.A.’s internal procedures.The other replacement source for the data was collection under the FISA Amendments Act of 2008, which permits warrantless surveillance on domestic soil that targets specific noncitizens abroad, including their new or stored emails to or from Americans.“Thus,” the report said, these two sources “assist in the identification of terrorists communicating with individuals in the United States, which addresses one of the original reasons for establishing” the bulk email records program.
  • ...2 more annotations...
  • Timothy Edgar, a privacy official in the Office of the Director of National Intelligence in both the George W. Bush and Obama administrations who now teaches at Brown University, said the explanation filled an important gap in the still-emerging history of post-Sept. 11, 2001, surveillance. Advertisement Continue reading the main story Advertisement Continue reading the main story “The document makes it clear that N.S.A. is able to get all the Internet metadata it needs through foreign collection,” he said. “The change it made to its procedures in 2010 allowed it to exploit metadata involving Americans. Once that change was made, it was no longer worth the effort to collect Internet metadata inside the United States, in part because doing so requires N.S.A. to deal with” restrictions by the intelligence court.Observers have previously suggested that the N.S.A.’s November 2010 rules change on the use of Americans’ data gathered abroad might be connected to the December 2011 end of the bulk email records program. Marcy Wheeler of the national security blog Emptywheel, for example, has argued that this was probably what happened.
  • And officials, who spoke on the condition of anonymity to discuss sensitive collection programs, have said the rules change and the FISA Amendments Act helped make the email records program less valuable relative to its expense and trouble. The newly disclosed documents amount to official confirmation.
Paul Merrell

First Unitarian Church of Los Angeles v. NSA | Electronic Frontier Foundation - 0 views

www.eff.org/...arian-church-los-angeles-v-nsa

surveillance state NSA NSA-blowback litigation 1st Amendment EFF

shared by Paul Merrell on 13 Jan 14 - No Cached
  • Twenty-two organizations including Unitarian church groups, gun ownership advocates, and a broad coalition of membership and political advocacy organizations filed suit against the National Security Agency for violating their First Amendment right of association by illegally collecting their call records. The coalition is represented by EFF. At the heart of First Unitarian Church of Los Angeles v. NSA is the bulk telephone records collection program that was confirmed by the publication of an order from the Foreign Intelligence Surveillance Court (FISC) in June of 2013. The Director of National Intelligence (DNI) further confirmed that this formerly secret document was authentic, and part of a broader program to collect all major telecommunications customers’ call history. The order demands wholesale collection of every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for every phone and call for all customers of Verizon for a period of three months. Government officials further confirmed that this was just one of series of orders issued on a rolling basis since at least 2006. First Unitarian v. NSA argues that this spying violates the First Amendment, which protects the freedom to associate and express political views as a group.
  • Twenty-two organizations including Unitarian church groups, gun ownership advocates, and a broad coalition of membership and political advocacy organizations filed suit against the National Security Agency for violating their First Amendment right of association by illegally collecting their call records. The coalition is represented by EFF. At the heart of First Unitarian Church of Los Angeles v. NSA is the bulk telephone records collection program that was confirmed by the publication of an order from the Foreign Intelligence Surveillance Court (FISC) in June of 2013. The Director of National Intelligence (DNI) further confirmed that this formerly secret document was authentic, and part of a broader program to collect all major telecommunications customers’ call history. The order demands wholesale collection of every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for every phone and call for all customers of Verizon for a period of three months. Government officials further confirmed that this was just one of series of orders issued on a rolling basis since at least 2006. First Unitarian v. NSA argues that this spying violates the First Amendment, which protects the freedom to associate and express political views as a group.
  • The case challenges the mass telephone records collection that was confirmed by the FISA Order that was published on June 5, 2013 and confirmed by the Director of National Intelligence (DNI) on June 6, 2013. The DNI confirmed that the collection was “broad in scope” and conducted under the “business records” provision of the Foreign Intelligence Surveillance Act, also known as section 215 of the Patriot Act and 50 U.S.C. section 1861. The facts have long been part of EFF’s Jewel v. NSA case. The case does not include section 702 programs, which includes the recently made public and called the PRISM program or the fiber optic splitter program that is included (along with the telephone records program) in the Jewel v. NSA case. 
  • ...5 more annotations...
  • Our goal is to highlight one of the most important ways that the government collection of telephone records is unconstitutional: it violates the First Amendment right of association. When the government gets access to the phone records of political and activist organizations and their members, it knows who is talking to whom, when, and for how long. This so-called “metadata,” especially when collected in bulk and aggregated, tracks the associations of these organizations. After all, if the government knows that you call the Unitarian Church or Calguns or People for the American Way or Students for Sensible Drug Policy regularly, it has a very good indication that you are a member and it certainly knows that you associate regularly. The law has long recognized that government access to associations can create a chilling effect—people are less likely to associate with organizations when they know the government is watching and when the government can track their associations. 
  • Twenty-two organizations including Unitarian church groups, gun ownership advocates, and a broad coalition of membership and political advocacy organizations filed suit against the National Security Agency for violating their First Amendment right of association by illegally collecting their call records. The coalition is represented by EFF. At the heart of First Unitarian Church of Los Angeles v. NSA is the bulk telephone records collection program that was confirmed by the publication of an order from the Foreign Intelligence Surveillance Court (FISC) in June of 2013. The Director of National Intelligence (DNI) further confirmed that this formerly secret document was authentic, and part of a broader program to collect all major telecommunications customers’ call history. The order demands wholesale collection of every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for every phone and call for all customers of Verizon for a period of three months. Government officials further confirmed that this was just one of series of orders issued on a rolling basis since at least 2006. First Unitarian v. NSA argues that this spying violates the First Amendment, which protects the freedom to associate and express political views as a group.
  • The First Amendment right of association is a well established doctrine that prevents the government “interfering with the right to peaceably assemble or prohibit the petition for a governmental redress of grievances.” The most famous case embracing it is a 1958 Supreme Court Case from the Civil Rights era called  NAACP v. Alabama. In that case the Supreme Court held that it would violate the First Amendment for the NAACP to have to turn over its membership lists in litigation. The right stems from the simple fact that the First Amendment protects the freedom to associate and express political views as a group. This constitutional protection is critical because, as the court noted “[e]ffective advocacy of both public and private points of view, particularly controversial ones, is undeniably enhanced by group association[.]” NAACP v. Alabama, 357 U.S. at 460. As another court noted: the Constitution protects freedom of association to encourage the “advancing ideas and airing grievances” Bates v. City of Little Rock, 361 U.S. 516, 522-23 (1960).
  • The collection and analysis of telephone records give the government a broad window into our associations. The First Amendment protects against this because, as the Supreme Court has recognized, “it may induce members to withdraw from the association and dissuade others from joining it because of fear of exposure of their beliefs shown through their associations and of the consequences of their exposure.” NAACP v. Alabama, 357 U.S. at 462-63. See also Bates, 361 U.S. at 523; Gibson v. Florida Legislative Investigation Comm., 372 U.S. 539 (1963).  Privacy in one’s associational ties is also closely linked to freedom of association: “Inviolability of privacy in group association may in many circumstances be indispensable to preservation of freedom of association, particularly where a group espouses dissident beliefs.” NAACP v. Alabama, 357 U.S. at 462. 
  • The Supreme Court has made clear that infringements on freedom of association may survive constitutional scrutiny only when they “serve compelling state interests, unrelated to the suppression of ideas, that cannot be achieved through means significantly less restrictive of associational freedoms.” Roberts v. United States Jaycees, 468 U.S. 609, 623 (1984); see also NAACP v. Button, 371 U.S. at 341; Knox v. SEIU, Local 1000, 132 S. Ct. 2277, 2291 (2012)  Here, the wholesale collection of telephone records of millions of innocent Americans’ communications records, and thereby collection of their associations, is massively overbroad, regardless of the government’s interest. Thus, the NSA spying program fails under the basic First Amendment tests that have been in place for over fifty years.
  • Paul Merrell on 13 Jan 14
     
    This case is related to EFF's earlier pending case, Jewel v. NSA and has been assigned to Judge Whyte, the same judge who ruled earlier in Jewel that the State Secrets Privilege does not apply to NSA's call metadata "haystack." The plaintiffs are 22 different groups who would make strange bedfellows indeed, except in opposition to government surveillance and repression. 
Paul Merrell

Senators accuse government of using 'secret law' to collect Americans' data | World new... - 0 views

www.guardian.co.uk/...es-clapper-nsa-data-collection

surveillance state NSA blowback senators Clapper

shared by Paul Merrell on 30 Jun 13 - No Cached
  • A bipartisan group of 26 US senators has written to intelligence chiefs to complain that the administration is relying on a "secret body of law" to collect massive amounts of data on US citizens.The senators accuse officials of making misleading statements and demand that the director of national intelligence James Clapper answer a series of specific questions on the scale of domestic surveillance as well as the legal justification for it.In their strongly-worded letter to Clapper, the senators said they believed the government may be misinterpreting existing legislation to justify the sweeping collection of telephone and internet data revealed by the Guardian."We are concerned that by depending on secret interpretations of the Patriot Act that differed from an intuitive reading of the statute, this program essentially relied for years on a secret body of law," they say.
  • "This and misleading statements by intelligence officials have prevented our constituents from evaluating the decisions that their government was making, and will unfortunately undermine trust in government more broadly."This is the strongest attack yet from Congress since the disclosures began, and comes after Clapper admitted he had given "the least untruthful answer possible" when pushed on these issues by Senators at a hearing before the latest revelations by the Guardian and the Washington Post.In a press statement, the group of senators added: "The recent public disclosures of secret government surveillance programs have exposed how secret interpretations of the USA Patriot Act have allowed for the bulk collection of massive amounts of data on the communications of ordinary Americans with no connection to wrongdoing."
  • They said: "Reliance on secret law to conduct domestic surveillance activities raises serious civil liberty concerns and all but removes the public from an informed national security and civil liberty debate." A spokesman for the office of the director of national intelligence (ODNI) acknowledged the letter. "The ODNI received a letter from 26 senators this morning requesting further engagement on vital intelligence programs recently disclosed in the media, which we are still evaluating. The intelligence and law enforcement communities will continue to work with all members of Congress to ensure the proper balance of privacy and protection for American citizens."The letter was organised by Oregan Democrat Ron Wyden, a member of the intelligence committee, but includes four Republican senators: Mark Kirk, Mike Lee, Lisa Murkowski and Dean Heller.
  • ...3 more annotations...
  • They ask Clapper to publicly provide information about the duration and scope of the program and provide examples of its effectiveness in providing unique intelligence, if such examples exist.The senators also expressed their concern that the program itself has a significant impact on the privacy of law-abiding Americans and that the Patriot Act could be used for the bulk collection of records beyond phone metadata."The Patriot Act's 'business records' authority can be used to give the government access to private financial, medical, consumer and firearm sales records, among others," said a press statement.In addition to raising concerns about the law's scope, the senators noted that keeping the official interpretation of the law secret and the instances of misleading public statements from executive branch officials prevented the American people from having an informed public debate about national security and domestic surveillance.
  • The senators said they were seeking public answers to the following questions in order to give the American people the information they need to conduct an informed public debate. The specific questions include:• How long has the NSA used Patriot Act authorities to engage in bulk collection of Americans' records? Was this collection underway when the law was reauthorized in 2006?• Has the NSA used USA Patriot Act authorities to conduct bulk collection of any other types of records pertaining to Americans, beyond phone records?• Has the NSA collected or made any plans to collect Americans' cell-site location data in bulk?• Have there been any violations of the court orders permitting this bulk collection, or of the rules governing access to these records? If so, please describe these violations.
  • A bipartisan group of 26 US senators has written to intelligence chiefs to complain that the administration is relying on a "secret body of law" to collect massive amounts of data on US citizens.The senators accuse officials of making misleading statements and demand that the director of national intelligence James Clapper answer a series of specific questions on the scale of domestic surveillance as well as the legal justification for it.In their strongly-worded letter to Clapper, the senators said they believed the government may be misinterpreting existing legislation to justify the sweeping collection of telephone and internet data revealed by the Guardian."We are concerned that by depending on secret interpretations of the Patriot Act that differed from an intuitive reading of the statute, this program essentially relied for years on a secret body of law," they say."This and misleading statements by intelligence officials have prevented our constituents from evaluating the decisions that their government was making, and will unfortunately undermine trust in government more broadly."
Paul Merrell

U.S. surveillance architecture includes collection of revealing Internet, phone metadat... - 0 views

www.washingtonpost.com/...2-b05f-3ea3f0e7bb5a_print.html

surveillance state NSA must-read pen-register

shared by Paul Merrell on 19 Jun 13 - No Cached
  • On March 12, 2004, acting attorney general James B. Comey and the Justice Department’s top leadership reached the brink of resignation over electronic surveillance orders that they believed to be illegal. President George W. Bush backed down, halting secret foreign-intelligence-gathering operations that had crossed into domestic terrain. That morning marked the beginning of the end of STELLARWIND, the cover name for a set of four surveillance programs that brought Americans and American territory within the domain of the National Security Agency for the first time in decades. It was also a prelude to new legal structures that allowed Bush and then President Obama to reproduce each of those programs and expand their reach.What exactly STELLARWIND did has never been disclosed in an unclassified form. Which parts of it did Comey approve? Which did he shut down? What became of the programs when the crisis passed and Comey, now Obama’s expected nominee for FBI director, returned to private life?Authoritative new answers to those questions, drawing upon a classified NSA history of STELLARWIND and interviews with high-ranking intelligence officials, offer the clearest map yet of the Bush-era programs and the NSA’s contemporary U.S. operations.STELLARWIND was succeeded by four major lines of intelligence collection in the territorial United States, together capable of spanning the full range of modern telecommunications, according to the interviews and documents.
  • Two of the four collection programs, one each for telephony and the Internet, process trillions of “metadata” records for storage and analysis in systems called MAINWAY and MARINA, respectively. Metadata includes highly revealing information about the times, places, devices and participants in electronic communication, but not its contents. The bulk collection of telephone call records from Verizon Business Services, disclosed this month by the British newspaper the Guardian, is one source of raw intelligence for MAINWAY.The other two types of collection, which operate on a much smaller scale, are aimed at content. One of them intercepts telephone calls and routes the spoken words to a system called ­NUCLEON.For Internet content, the most important source collection is the PRISM project reported on June 6 by The Washington Post and the Guardian. It draws from data held by Google, Yahoo, Microsoft and other Silicon Valley giants, collectively the richest depositories of personal information in history.
  • The debate has focused on two of the four U.S.-based collection programs: PRISM, for Internet content, and the comprehensive collection of telephone call records, foreign and domestic, that the Guardian revealed by posting a classified order from the Foreign Intelligence Surveillance Court to Verizon Business Services.The Post has learned that similar orders have been renewed every three months for other large U.S. phone companies, including Bell South and AT&T, since May 24, 2006. On that day, the surveillance court made a fundamental shift in its approach to Section 215 of the Patriot Act, which permits the FBI to compel production of “business records” that are relevant to a particular terrorism investigation and to share those in some circumstances with the NSA. Henceforth, the court ruled, it would define the relevant business records as the entirety of a telephone company’s call database.The Bush administration, by then, had been taking “bulk metadata” from the phone companies under voluntary agreements for more than four years. The volume of information overwhelmed the MAINWAY database, according to a classified report from the NSA inspector general in 2009. The agency spent $146 million in supplemental counterterrorism funds to buy new hardware and contract support — and to make unspecified payments to the phone companies for “collaborative partnerships.”When the New York Times revealed the warrantless surveillance of voice calls, in December 2005, the telephone companies got nervous. One of them, unnamed in the report, approached the NSA with a request. Rather than volunteer the data, at a price, the “provider preferred to be compelled to do so by a court order,” the report said. Other companies followed suit. The surveillance court order that recast the meaning of business records “essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had” under Bush’s asserted authority alone.
  • ...3 more annotations...
  • Telephone metadata was not the issue that sparked a rebellion at the Justice Department, first by Jack Goldsmith of the Office of Legal Counsel and then by Comey, who was acting attorney general because John D. Ashcroft was in intensive care with acute gallstone pancreatitis. It was Internet metadata.At Bush’s direction, in orders prepared by David Addington, the counsel to Vice President Richard B. Cheney, the NSA had been siphoning e-mail metadata and technical records of Skype calls from data links owned by AT&T, Sprint and MCI, which later merged with Verizon.For reasons unspecified in the report, Goldsmith and Comey became convinced that Bush had no lawful authority to do that.MARINA and the collection tools that feed it are probably the least known of the NSA’s domestic operations, even among experts who follow the subject closely. Yet they probably capture information about more American citizens than any other, because the volume of e-mail, chats and other Internet communications far exceeds the volume of standard telephone calls.The NSA calls Internet metadata “digital network information.” Sophisticated analysis of those records can reveal unknown associates of known terrorism suspects. Depending on the methods applied, it can also expose medical conditions, political or religious affiliations, confidential business negotiations and extramarital affairs.What permits the former and prevents the latter is a complex set of policies that the public is not permitted to see.
  • In the urgent aftermath of Sept. 11, 2001, with more attacks thought to be imminent, analysts wanted to use “contact chaining” techniques to build what the NSA describes as network graphs of people who represented potential threats.The legal challenge for the NSA was that its practice of collecting high volumes of data from digital links did not seem to meet even the relatively low requirements of Bush’s authorization, which allowed collection of Internet metadata “for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States,” the NSA inspector general’s report said.Lawyers for the agency came up with an interpretation that said the NSA did not “acquire” the communications, a term with formal meaning in surveillance law, until analysts ran searches against it. The NSA could “obtain” metadata in bulk, they argued, without meeting the required standards for acquisition.Goldsmith and Comey did not buy that argument, and a high-ranking U.S. intelligence official said the NSA does not rely on it today.As soon as surveillance data “touches us, we’ve got it, whatever verbs you choose to use,” the official said in an interview. “We’re not saying there’s a magic formula that lets us have it without having it.”
  • When Comey finally ordered a stop to the program, Bush signed an order renewing it anyway. Comey, Goldsmith, FBI Director Robert S. Mueller III and most of the senior Bush appointees in the Justice Department began drafting letters of resignation.Then-NSA Director Michael V. Hayden was not among them. According to the inspector general’s classified report, Cheney’s lawyer, Addington, placed a phone call and “General Hayden had to decide whether NSA would execute the Authorization without the Attorney General’s signature.” He decided to go along.The following morning, when Mueller told Bush that he and Comey intended to resign, the president reversed himself.Three months later, on July 15, the secret surveillance court allowed the NSA to resume bulk collection under the court’s own authority. The opinion, which remains highly classified, was based on a provision of electronic surveillance law, known as “pen register, trap and trace,” that was written to allow law enforcement officers to obtain the phone numbers of incoming and outgoing calls from a single telephone line.
  • Paul Merrell on 19 Jun 13
     
    Note particularly the mention that the FISA Court decision to throw the doors open for government snooping was based on "pen register, trap and trace" law. As suspected, now we are into territory dealt with by the Supreme Court in the pre-internet days of 1979 In Smith v. Maryland, 442 U.S. 735 (1979), More about that next, in a bookmark also tagged with "pen-register".
Paul Merrell

Senate Bill Requires Report on "All" NSA Bulk Collection | Federation Of American Scien... - 0 views

fas.org/...all-nsa-bulk-collection

surveillance-state NSA-reform legislation

shared by Paul Merrell on 19 Jul 14 - No Cached
  • The National Security Agency would be required to prepare an unclassified report on “all NSA bulk collection activities,” the Senate Appropriations Committee directed in its report on the Fiscal Year 2015 Department of Defense Appropriations bill, published yesterday. The Committee told the NSA to prepare a report “describing all NSA bulk collection activities, including when such activities began, the cost of such activities, what types of records have been collected in the past, what types of records are currently being collected, and any plans for future bulk collection.” Such a report would be expected to clarify whether NSA bulk collection extends beyond the acknowledged telephone metadata program in Section 215 of the USA Patriot Act. The required report is to be “unclassified to the greatest extent possible,” the Senate Committee said. In the reporting requirements that it imposed on NSA, the Senate Appropriations Committee notably went beyond what was required by the Senate or House Intelligence Committees. The Appropriations Committee also directed NSA to submit additional reports on the total number of records acquired and reviewed by NSA in its bulk telephone metadata program over the past five years, and an estimate of the number of records of U.S. persons that have been acquired and reviewed in the telephone metadata program. Another unclassified report is required to provide “a list of terrorist activities that were disrupted, in whole or in part, with the aid of information obtained through NSA’s telephone metadata program.”
  • Update: Identical reporting language was included by the Senate Appropriations Committee last year in its report on the FY2014 Defense Appropriations bill (h/t @byersalex), yet the required NSA reports were not produced. At Emptywheel, Marcy Wheeler questions the utility of the proposed reports, particularly since the Senate Committee language lacks a clear, unambiguous definition of “bulk collection.”
Paul Merrell

USA Freedom Act Passes House, Codifying Bulk Collection For First Time, Critics Say - T... - 0 views

firstlook.org/...usa-freedom-act

surveillance state NSA-reform USA-Freedom-Act legislation

shared by Paul Merrell on 14 May 15 - No Cached
  • After only one hour of floor debate, and no allowed amendments, the House of Representatives today passed legislation that opponents believe may give brand new authorization to the U.S. government to conduct domestic dragnets. The USA Freedom Act was approved in a 338-88 vote, with approximately equal numbers of Democrats and Republicans voting against. The bill’s supporters say it will disallow bulk collection of domestic telephone metadata, in which the Foreign Intelligence Surveillance Court has regularly ordered phone companies to turn over such data. The Obama administration claims such collection is authorized by Section 215 of the USA Patriot Act, which is set to expire June 1. However, the U.S. Court of Appeals for the Second Circuit recently held that Section 215 does not provide such authorization. Today’s legislation would prevent the government from issuing such orders for bulk collection and instead rely on telephone companies to store all their metadata — some of which the government could then demand using a “specific selection term” related to foreign terrorism. Bill supporters maintain this would prevent indiscriminate collection.
  • However, the legislation may not end bulk surveillance and in fact could codify the ability of the government to conduct dragnet data collection. “We’re taking something that was not permitted under regular section 215 … and now we’re creating a whole apparatus to provide for it,” Rep. Justin Amash, R-Mich., said on Tuesday night during a House Rules Committee proceeding. “The language does limit the amount of bulk collection, it doesn’t end bulk collection,” Rep. Amash said, arguing that the problematic “specific selection term” allows for “very large data collection, potentially in the hundreds of thousands of people, maybe even millions.” In a statement posted to Facebook ahead of the vote, Rep. Amash said the legislation “falls woefully short of reining in the mass collection of Americans’ data, and it takes us a step in the wrong direction by specifically authorizing such collection in violation of the Fourth Amendment to the Constitution.”
  • “While I appreciate a number of the reforms in the bill and understand the need for secure counter-espionage and terrorism investigations, I believe our nation is better served by allowing Section 215 to expire completely and replacing it with a measure that finds a better balance between national security interests and protecting the civil liberties of Americans,” Congressman Ted Lieu, D-Calif., said in a statement explaining his vote against the bill.
  • ...2 more annotations...
  • Not addressed in the bill, however, are a slew of other spying authorities in use by the NSA that either directly or inadvertently target the communications of American citizens. Lawmakers offered several amendments in the days leading up to the vote that would have tackled surveillance activities laid out in Section 702 of the Foreign Intelligence Surveillance Act and Executive Order 12333 — two authorities intended for foreign surveillance that have been used to collect Americans’ internet data, including online address books and buddy lists. The House Rules Committee, however, prohibited consideration of any amendment to the USA Freedom Act, claiming that any changes to the legislation would have weakened its chances of passage.
  • The measure now goes to the Senate where its future is uncertain. Majority Leader Mitch McConnell has declined to schedule the bill for consideration, and is instead pushing for a clean reauthorization of expiring Patriot Act provisions that includes no surveillance reforms. Senators Ron Wyden, D-Ore., and Rand Paul, R-Ky., have threated to filibuster any bill that extends the Patriot Act without also reforming the NSA.
  • Paul Merrell on 14 May 15
     
    Surprise, surprise. U.S. "progressive" groups are waging an all-out email lobbying effort to sunset the Patriot Act. https://www.sunsetthepatriotact.com/ Same with civil liberties groups. e.g., https://action.aclu.org/secure/Section215 And a coalition of libertarian organizations. http://docs.techfreedom.org/Coalition_Letter_McConnell_215Reauth_4.27.15.pdf
Paul Merrell

How the NSA is still harvesting your online data | World news | guardian.co.uk - 0 views

www.guardian.co.uk/...nsa-online-metadata-collection

surveillance state NSA Obama lies EvilOlive ShellTrumpet MoonLightPath Spinneret xKeyScore Deep Dive Transient Thurible

shared by Paul Merrell on 30 Jun 13 - No Cached
  • A review of top-secret NSA documents suggests that the surveillance agency still collects and sifts through large quantities of Americans' online data – despite the Obama administration's insistence that the program that began under Bush ended in 2011.Shawn Turner, the Obama administration's director of communications for National Intelligence, told the Guardian that "the internet metadata collection program authorized by the Fisa court was discontinued in 2011 for operational and resource reasons and has not been restarted."But the documents indicate that the amount of internet metadata harvested, viewed, processed and overseen by the Special Source Operations (SSO) directorate inside the NSA is extensive.While there is no reference to any specific program currently collecting purely domestic internet metadata in bulk, it is clear that the agency collects and analyzes significant amounts of data from US communications systems in the course of monitoring foreign targets.
  • On December 26 2012, SSO announced what it described as a new capability to allow it to collect far more internet traffic and data than ever before. With this new system, the NSA is able to direct more than half of the internet traffic it intercepts from its collection points into its own repositories. One end of the communications collected are inside the United States.The NSA called it the "One-End Foreign (1EF) solution". It intended the program, codenamed EvilOlive, for "broadening the scope" of what it is able to collect. It relied, legally, on "FAA Authority", a reference to the 2008 Fisa Amendments Act that relaxed surveillance restrictions.This new system, SSO stated in December, enables vastly increased collection by the NSA of internet traffic. "The 1EF solution is allowing more than 75% of the traffic to pass through the filter," the SSO December document reads. "This milestone not only opened the aperture of the access but allowed the possibility for more traffic to be identified, selected and forwarded to NSA repositories."
  • It continued: "After the EvilOlive deployment, traffic has literally doubled."The scale of the NSA's metadata collection is highlighted by references in the documents to another NSA program, codenamed ShellTrumpet.On December 31, 2012, an SSO official wrote that ShellTrumpet had just "processed its One Trillionth metadata record".
  • ...4 more annotations...
  • Explaining that the five-year old program "began as a near-real-time metadata analyzer … for a classic collection system", the SSO official noted: "In its five year history, numerous other systems from across the Agency have come to use ShellTrumpet's processing capabilities for performance monitoring" and other tasks, such as "direct email tip alerting."Almost half of those trillion pieces of internet metadata were processed in 2012, the document detailed: "though it took five years to get to the one trillion mark, almost half of this volume was processed in this calendar year".
  • Another SSO entry, dated February 6, 2013, described ongoing plans to expand metadata collection. A joint surveillance collection operation with an unnamed partner agency yielded a new program "to query metadata" that was "turned on in the Fall 2012". Two others, called MoonLightPath and Spinneret, "are planned to be added by September 2013."A substantial portion of the internet metadata still collected and analyzed by the NSA comes from allied governments, including its British counterpart, GCHQ.
  • An SSO entry dated September 21, 2012, announced that "Transient Thurible, a new Government Communications Head Quarters (GCHQ) managed XKeyScore (XKS) Deep Dive was declared operational." The entry states that GCHQ "modified" an existing program so the NSA could "benefit" from what GCHQ harvested."Transient Thurible metadata [has been] flowing into NSA repositories since 13 August 2012," the entry states.
  • A review of top-secret NSA documents suggests that the surveillance agency still collects and sifts through large quantities of Americans' online data – despite the Obama administration's insistence that the program that began under Bush ended in 2011.Shawn Turner, the Obama administration's director of communications for National Intelligence, told the Guardian that "the internet metadata collection program authorized by the Fisa court was discontinued in 2011 for operational and resource reasons and has not been restarted."But the documents indicate that the amount of internet metadata harvested, viewed, processed and overseen by the Special Source Operations (SSO) directorate inside the NSA is extensive.While there is no reference to any specific program currently collecting purely domestic internet metadata in bulk, it is clear that the agency collects and analyzes significant amounts of data from US communications systems in the course of monitoring foreign targets.
1 - 20 of 153 Next › Last »
Showing 20 items per page