Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged telephone-metadata

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

NSA phone surveillance program likely unconstitutional, federal judge rules | World new... - 0 views

www.theguardian.com/...-likely-unconstitutional-judge

surveillance state NSA call-metadata litigation 4th Amendment constitutional law NSA-blowback

shared by Paul Merrell on 17 Dec 13 - No Cached
  • A federal judge in Washington ruled on Monday that the bulk collection of Americans’ telephone records by the National Security Agency is likely to violate the US constitution, in the most significant legal setback for the agency since the publication of the first surveillance disclosures by the whistleblower Edward Snowden. Judge Richard Leon declared that the mass collection of metadata probably violates the fourth amendment, which prohibits unreasonable searches and seizures, and was "almost Orwellian" in its scope. In a judgment replete with literary swipes against the NSA, he said James Madison, the architect of the US constitution, would be "aghast" at the scope of the agency’s collection of Americans' communications data. The ruling, by the US district court for the District of Columbia, is a blow to the Obama administration, and sets up a legal battle that will drag on for months, almost certainly destined to end up in the supreme court. It was welcomed by campaigners pressing to rein in the NSA, and by Snowden, who issued a rare public statement saying it had vindicated his disclosures. It is also likely to influence other legal challenges to the NSA, currently working their way through federal courts.
  • In Monday’s ruling, the judge concluded that the pair's constitutional challenge was likely to be successful. In what was the only comfort to the NSA in a stinging judgment, Leon put the ruling on hold, pending an appeal by the government. Leon expressed doubt about the central rationale for the program cited by the NSA: that it is necessary for preventing terrorist attacks. “The government does not cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack,” he wrote.
  • Leon’s opinion contained stern and repeated warnings that he was inclined to rule that the metadata collection performed by the NSA – and defended vigorously by the NSA director Keith Alexander on CBS on Sunday night – was unconstitutional. “Plaintiffs have a substantial likelihood of showing that their privacy interests outweigh the government’s interest in collecting and analysing bulk telephony metadata and therefore the NSA’s bulk collection program is indeed an unreasonable search under the fourth amendment,” he wrote. Leon said that the mass collection of phone metadata, revealed by the Guardian in June, was "indiscriminatory" and "arbitrary" in its scope. "The almost-Orwellian technology that enables the government to store and analyze the phone metadata of every telephone user in the United States is unlike anything that could have been conceived in 1979," he wrote, referring to the year in which the US supreme court ruled on a fourth amendment case upon which the NSA now relies to justify the bulk records program.
  • ...5 more annotations...
  • In a statement, Snowden said the ruling justified his disclosures. “I acted on my belief that the NSA's mass surveillance programs would not withstand a constitutional challenge, and that the American public deserved a chance to see these issues determined by open courts," he said in comments released through Glenn Greenwald, the former Guardian journalist who received leaked documents from Snowden. "Today, a secret program authorised by a secret court was, when exposed to the light of day, found to violate Americans’ rights. It is the first of many.”
  • In his ruling, Judge Leon expressly rejected the government’s claim that the 1979 supreme court case, Smith v Maryland, which the NSA and the Obama administration often cite to argue that there is no reasonable expectation of privacy over metadata, applies in the NSA’s bulk-metadata collection. The mass surveillance program differs so much from the one-time request dealt with by the 1979 case that it was of “little value” in assessing whether the metadata dragnet constitutes a fourth amendment search.
  • In a decision likely to influence other federal courts hearing similar arguments from the ACLU, Leon wrote that the Guardian’s disclosure of the NSA’s bulk telephone records collection means that citizens now have standing to challenge it in court, since they can demonstrate for the first time that the government is collecting their phone data.
  • Leon also struck a blow for judicial review of government surveillance practices even when Congress explicitly restricts the ability of citizens to sue for relief. “While Congress has great latitude to create statutory schemes like Fisa,” he wrote, referring to the seminal 1978 surveillance law, “it may not hang a cloak of secrecy over the constitution.”
  • In his ruling on Monday, Judge Leon predicted the process would take six months. He urged the government to take that time to prepare for an eventual defeat. “I fully expect that during the appellate process, which will consume at least the next six months, the government will take whatever steps necessary to prepare itself to comply with this order when, and if, it is upheld,” wrote Leon in his opinion. “Suffice it to say, requesting further time to comply with this order months from now will not be well received and could result in collateral sanctions.”
  • Paul Merrell on 17 Dec 13
     
    This is the case I thought was the weakest because of poor drafting in the complaint. The judge noted those issues in dismissing the plaintiffs' claims under the Administrative Procedures Act, but picked his way through what remained to find sufficient allegations to support the 4th Amendment challenge. Because he ruled for the plaintiffs on the 4th Amendment count, the judge did not reach the plaintiffs' arguments under the First and Fifth Amendments. This case is about cellphone call metadata, which the FISA Court has been ordering cell phone companies to provide every day, with the orders updated every 90 days. The judge's 68-page opinion is at https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2013cv0881-40 (cleaner copy than the Guardian's, which was apparently faxed). Notably, the judge, Richard Leon, is a Bush II appointee and one of the plaintiffs is a prominent conservative civil libertarian lawyer. The other plaintiff is the father of an NSA cryptologist who worked closely with SEAL Team 6 and was killed along with members of that team when their helicopter crashed in Afghanistan. I'll add some more in a comment. But digital privacy is not yet dead.
  • Paul Merrell on 17 Dec 13
     
    Unfortunately, DRM is not dead yet either and the court's PDF file is locked. No easy copying of its content. If you want to jump directly to the discussion of 4th Amendment issues, go to page 35. That way, you can skip past all the dreary discussion of the Administrative Procedures Act claim and you won't miss much that's memorable. In ruling on the plaintiffs' standing to raise the 4th Amendment claim, Judge Leon postulated two possible search issues: [i] the bulk daily collection of metadata and its retention in the database for five years; and [ii] the analysis of that data through the NSA's querying process. The judge had no difficulty with the first issue; it definitely qualifies as a search. But the judge rejected the plaintiffs' argument on the second type (which was lame), demonstrating that at least one federal judge understands how computers work. The government's filings indicated that a "seed" telephone number or other identifier is used as the query string. Judge Leon figured out for himself from this fact that the NSA of necessity had to compare that number or identifier to every number or identifier in its database looking for a match. The judge concluded that the plaintiffs' metadata --- indeed everyone's metadata --- had to be searched for comparison purposes *every* time the NSA analysts ran any query against the database. See his incisive discussion at pp. 39-41. So having established that two searches were involved, one every time the NSA queried the database, the judge moved on to the next question, whether "the plaintiffs had a reasonable expectation of privacy that is violated when the Government indiscriminately collects their telephony metadata along with the metadata of hundreds of millions of other citizens without any particularized suspicion of wrongdoing, retains that metadata for five years, and then queries, analyzes, and investigates that data without prior judicial approval of the investigative targets." pg. 43. More later
Paul Merrell

U.S. surveillance architecture includes collection of revealing Internet, phone metadat... - 0 views

www.washingtonpost.com/...2-b05f-3ea3f0e7bb5a_print.html

surveillance state NSA must-read pen-register

shared by Paul Merrell on 19 Jun 13 - No Cached
  • On March 12, 2004, acting attorney general James B. Comey and the Justice Department’s top leadership reached the brink of resignation over electronic surveillance orders that they believed to be illegal. President George W. Bush backed down, halting secret foreign-intelligence-gathering operations that had crossed into domestic terrain. That morning marked the beginning of the end of STELLARWIND, the cover name for a set of four surveillance programs that brought Americans and American territory within the domain of the National Security Agency for the first time in decades. It was also a prelude to new legal structures that allowed Bush and then President Obama to reproduce each of those programs and expand their reach.What exactly STELLARWIND did has never been disclosed in an unclassified form. Which parts of it did Comey approve? Which did he shut down? What became of the programs when the crisis passed and Comey, now Obama’s expected nominee for FBI director, returned to private life?Authoritative new answers to those questions, drawing upon a classified NSA history of STELLARWIND and interviews with high-ranking intelligence officials, offer the clearest map yet of the Bush-era programs and the NSA’s contemporary U.S. operations.STELLARWIND was succeeded by four major lines of intelligence collection in the territorial United States, together capable of spanning the full range of modern telecommunications, according to the interviews and documents.
  • Two of the four collection programs, one each for telephony and the Internet, process trillions of “metadata” records for storage and analysis in systems called MAINWAY and MARINA, respectively. Metadata includes highly revealing information about the times, places, devices and participants in electronic communication, but not its contents. The bulk collection of telephone call records from Verizon Business Services, disclosed this month by the British newspaper the Guardian, is one source of raw intelligence for MAINWAY.The other two types of collection, which operate on a much smaller scale, are aimed at content. One of them intercepts telephone calls and routes the spoken words to a system called ­NUCLEON.For Internet content, the most important source collection is the PRISM project reported on June 6 by The Washington Post and the Guardian. It draws from data held by Google, Yahoo, Microsoft and other Silicon Valley giants, collectively the richest depositories of personal information in history.
  • The debate has focused on two of the four U.S.-based collection programs: PRISM, for Internet content, and the comprehensive collection of telephone call records, foreign and domestic, that the Guardian revealed by posting a classified order from the Foreign Intelligence Surveillance Court to Verizon Business Services.The Post has learned that similar orders have been renewed every three months for other large U.S. phone companies, including Bell South and AT&T, since May 24, 2006. On that day, the surveillance court made a fundamental shift in its approach to Section 215 of the Patriot Act, which permits the FBI to compel production of “business records” that are relevant to a particular terrorism investigation and to share those in some circumstances with the NSA. Henceforth, the court ruled, it would define the relevant business records as the entirety of a telephone company’s call database.The Bush administration, by then, had been taking “bulk metadata” from the phone companies under voluntary agreements for more than four years. The volume of information overwhelmed the MAINWAY database, according to a classified report from the NSA inspector general in 2009. The agency spent $146 million in supplemental counterterrorism funds to buy new hardware and contract support — and to make unspecified payments to the phone companies for “collaborative partnerships.”When the New York Times revealed the warrantless surveillance of voice calls, in December 2005, the telephone companies got nervous. One of them, unnamed in the report, approached the NSA with a request. Rather than volunteer the data, at a price, the “provider preferred to be compelled to do so by a court order,” the report said. Other companies followed suit. The surveillance court order that recast the meaning of business records “essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had” under Bush’s asserted authority alone.
  • ...3 more annotations...
  • Telephone metadata was not the issue that sparked a rebellion at the Justice Department, first by Jack Goldsmith of the Office of Legal Counsel and then by Comey, who was acting attorney general because John D. Ashcroft was in intensive care with acute gallstone pancreatitis. It was Internet metadata.At Bush’s direction, in orders prepared by David Addington, the counsel to Vice President Richard B. Cheney, the NSA had been siphoning e-mail metadata and technical records of Skype calls from data links owned by AT&T, Sprint and MCI, which later merged with Verizon.For reasons unspecified in the report, Goldsmith and Comey became convinced that Bush had no lawful authority to do that.MARINA and the collection tools that feed it are probably the least known of the NSA’s domestic operations, even among experts who follow the subject closely. Yet they probably capture information about more American citizens than any other, because the volume of e-mail, chats and other Internet communications far exceeds the volume of standard telephone calls.The NSA calls Internet metadata “digital network information.” Sophisticated analysis of those records can reveal unknown associates of known terrorism suspects. Depending on the methods applied, it can also expose medical conditions, political or religious affiliations, confidential business negotiations and extramarital affairs.What permits the former and prevents the latter is a complex set of policies that the public is not permitted to see.
  • In the urgent aftermath of Sept. 11, 2001, with more attacks thought to be imminent, analysts wanted to use “contact chaining” techniques to build what the NSA describes as network graphs of people who represented potential threats.The legal challenge for the NSA was that its practice of collecting high volumes of data from digital links did not seem to meet even the relatively low requirements of Bush’s authorization, which allowed collection of Internet metadata “for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States,” the NSA inspector general’s report said.Lawyers for the agency came up with an interpretation that said the NSA did not “acquire” the communications, a term with formal meaning in surveillance law, until analysts ran searches against it. The NSA could “obtain” metadata in bulk, they argued, without meeting the required standards for acquisition.Goldsmith and Comey did not buy that argument, and a high-ranking U.S. intelligence official said the NSA does not rely on it today.As soon as surveillance data “touches us, we’ve got it, whatever verbs you choose to use,” the official said in an interview. “We’re not saying there’s a magic formula that lets us have it without having it.”
  • When Comey finally ordered a stop to the program, Bush signed an order renewing it anyway. Comey, Goldsmith, FBI Director Robert S. Mueller III and most of the senior Bush appointees in the Justice Department began drafting letters of resignation.Then-NSA Director Michael V. Hayden was not among them. According to the inspector general’s classified report, Cheney’s lawyer, Addington, placed a phone call and “General Hayden had to decide whether NSA would execute the Authorization without the Attorney General’s signature.” He decided to go along.The following morning, when Mueller told Bush that he and Comey intended to resign, the president reversed himself.Three months later, on July 15, the secret surveillance court allowed the NSA to resume bulk collection under the court’s own authority. The opinion, which remains highly classified, was based on a provision of electronic surveillance law, known as “pen register, trap and trace,” that was written to allow law enforcement officers to obtain the phone numbers of incoming and outgoing calls from a single telephone line.
  • Paul Merrell on 19 Jun 13
     
    Note particularly the mention that the FISA Court decision to throw the doors open for government snooping was based on "pen register, trap and trace" law. As suspected, now we are into territory dealt with by the Supreme Court in the pre-internet days of 1979 In Smith v. Maryland, 442 U.S. 735 (1979), More about that next, in a bookmark also tagged with "pen-register".
Paul Merrell

Germany's Spies Store 11 Billion Pieces Of Phone Metadata A Year -- And Pass On 6 Billi... - 0 views

www.techdirt.com/...ar-pass-6-billion-to-nsa.shtml

surveillance state NSA Germany BND phone-metadata

shared by Paul Merrell on 07 Feb 15 - No Cached
  • Given Germany's high-profile attachment to privacy, it's always interesting to hear about ways in which its spies have been ignoring that tradition. Here, for example, is a story in the German newspaper Die Zeit about the country's foreign intelligence agency BND gathering metadata from millions of phone records every day: Zeit Online has learned from secret BND documents that five agency locations are involved in gathering huge amounts of metadata. Metadata vacuumed up across the world -- 220 million pieces of it every single day -- flows into BND branch offices in the German towns of Schöningen, Reinhausen, Bad Aibling and Gablingen. There, they are stored for between a week and six months and sorted according to still-unknown criteria. Exactly where the BND obtains the data remains unclear. The Bundestag [German parliament] committee investigating the NSA spying scandal has uncovered that the German intelligence agency intercepts communications traveling via both satellites and Internet cables. The 220 million metadata are only one part of what is amassed from these eavesdropping activities. It is certain that the metadata only come from "foreign dialed traffic," in other words, from telephone conversations and text messages that are held and sent via mobile telephony and satellites.
  • As in the US and UK, the German spies attempt to pull the "it's only metadata, so it's not surveillance" trick: Many people don't realize how much information can be derived from metadata -- and the BND is working hard to keep it that way. For example, during hearings before the Bundestag committee investigating the NSA affair, intelligence officials have consistently spoken about "routine traffic" whenever they have actually meant metadata. Given that the German word for "traffic" is the same as that for "intercourse," this has sounded more like bad sex and has aimed to obscure the fact that hidden behind it was comprehensive, groundless and massive surveillance. What's more, the officials have argued that they are permitted to vacuum up this kind of routine traffic all over the world without any restrictions and to use it as they see fit. However, Peter Schaar doesn't share this view at all. Instead, the German government's former commissioner for data protection and freedom of information believes that metadata should also be protected by the basic right of privacy of correspondence, posts and telecommunications guaranteed by Article 10 of Germany’s Basic Law.
  • This long and interesting report is important for the insight it gives us about what the BND is up to -- despite Germany's stringent laws -- as well as the news that the German intelligence service passes 500 million pieces of metadata to the NSA every month. General Michael Hayden, former director of the NSA and the CIA, famously said: "We kill people based on metadata." That means privacy-loving Germany could be implicated in some of those deaths. And there's another aspect to the story worth noting. Nowhere does Die Zeit say that this information comes from Edward Snowden. Once again, it looks as if his example is inspiring others to shine a little light on the murky world of surveillance.
Paul Merrell

Feds operated yet another secret metadata database until 2013 | Ars Technica - 0 views

arstechnica.com/...t-metadata-database-until-2013

surveillance state DEA phone-metadata litigation

shared by Paul Merrell on 18 Jan 15 - No Cached
  • In a new court filing, the Department of Justice revealed that it kept a secret database of telephone metadata—with one party in the United States and another abroad—that ended in 2013. The three-page partially-redacted affidavit from a top Drug Enforcement Agency (DEA) official, which was filed Thursday, explained that the database was authorized under a particular federal drug trafficking statute. The law allows the government to use "administrative subpoenas" to obtain business records and other "tangible things." The affidavit does not specify which countries records were included, but specifically does mention Iran. This database program appears to be wholly separate from the National Security Agency’s metadata program revealed by Edward Snowden, but it targets similar materials and is collected by a different agency. The Wall Street Journal, citing anonymous sources, reported Friday that this newly-revealed program began in the 1990s and was shut down in August 2013.
  • The criminal case involves an Iranian-American man named Shantia Hassanshahi, who is accused of violating the American trade embargo against Iran. His lawyer, Mir Saied Kashani, told Ars that the government has clearly abused its authority. "They’ve converted this from a war on drugs to a war on privacy," he said. "[Hassanshahi] is not accused of any drug crime but they used this drug enforcement information to gather information against him, that's contrary to the law, and we will revisit that. We will bring motions in the court and we will appeal if necessary." Neither the DEA nor the Department of Justice immediately responded to Ars' query as to whether this program is continuing under a different authority.
  • The story begins in 2011, when a Department of Homeland Security (DHS) agent received a tip about someone who might be in violation of American sanctions against Iran. The source provided an e-mail from an Iranian businessman, Manoucher Sheiki, who was involved in acquiring power grid equipment. A second Homeland Security agent, Joshua Akronowitz, wrote in a 2013 affidavit that he searched Sheiki’s Iranian phone number in this database, but declined to explain exactly what kind of database it was. Akronowitz found that the Iranian number came up exactly one time in the database, and was linked to an 818 number, based in Los Angeles County. That number turned out to be the Google Voice number of Hassanshahi. DHS then subpoenaed Google, and got Hassanshahi’s call log and later, metadata on his Gmail account. By early 2012, the agency found out that he was set to return to Los Angeles from Iran. At LAX Airport, customs agents seized his phone, laptop, thumb drives, camcorder, and SIM cards and sent them to Homeland Security. Last year, Kashani, Hassanshahi’s lawyer, argued that this evidence should be suppressed on account that it was the "fruit of the poisonous tree"—obtained via illicit means. In support of his arguments, Kashani cited an important ongoing NSA-related lawsuit, Klayman v. Obama, which remains the only instance where a judge has order the NSA metadata program to be shut down—that order was stayed pending an appeal. (Earlier this month, Ars explored Klayman and other pending notable surveillance cases.)
  • ...3 more annotations...
  • In a December 2014 opinion in the Hassanshahi case, US District Judge Rudolph Contreras allowed the evidence, but also required that the government provide a "declaration summarizing the contours of the law enforcement database used by Homeland Security Investigations to discover Hassanshahi’s phone number, including any limitations on how and when the database may be used." To comply with the judge’s order, Robert Patterson, the assistant special agent in charge of the DEA, wrote in the Thursday filing: As noted, this database was a federal law enforcement database. It could be used to query a telephone number where federal law enforcement officials had a reasonable articulable suspicion that the telephone number at issue was related to an ongoing federal criminal investigation. The Iranian number was determined to meet this standard based on specific information indicating that the Iranian number was being used for the purpose of importing technological goods to Iran in violation of United States law. Previously, the government had not revealed exactly how it began its investigation of Hassanshahi, and only referred cryptically to "[DHS]-accessible law enforcement databases," in Akronowitz’ 2013 and  2014 affidavits.
  • Similarly, other privacy-minded legal experts questioned the government’s tactics in this new revelation. "We just don’t know about the scope of these things, and that’s what’s disturbing," Andrew Crocker, a legal fellow at the Electronic Frontier Foundation, told Ars. His colleague, Hanni Fakhoury, an EFF attorney who used to be a federal public defender, added that he was "not surprised." "Bulk surveillance technologies and the dangerous legal theories that are used to support them trickle down, and here's a prime example of that," he wrote by e-mail. "The DEA's mandate is of course important but not at the level of national security where as you know there are serious legal questions about the propriety of this collection of phone metadata. And if the DEA has a program like this, it wouldn't surprise me if other agencies do too for other sorts of records the government has claimed it can collect with a subpoena (like bank records)."
  • Patrick Toomey, an attorney with the American Civil Liberties Union, chimed in to say that this indeed was a clear example of government overreach. "This disclosure underscores how the government has expanded its use of bulk collection far beyond the NSA and the national-security context, to rely on mass surveillance in ordinary criminal investigations," he said by e-mail. "It’s now clear that multiple government agencies have tracked the calls that Americans make to their parents and relatives, friends, and business associates overseas, all without any suspicion of wrongdoing," Toomey continued. "The DEA program shows yet again how strained and untenable legal theories have been used to secretly justify the surveillance of millions of innocent Americans using laws that were never written for that purpose."
  • Paul Merrell on 18 Jan 15
     
    The authorizing statute clearly limits the scope of the administrative subpoena authority to drug related criminal investigations. "In any investigation relating to his functions under this subchapter with respect to controlled substances, listed chemicals, tableting machines, or encapsulating machines, the Attorney General may subpena witnesses, compel the attendance and testimony of witnesses, and require the production of any records (including books, papers, documents, and other tangible things which constitute or contain evidence) which the Attorney General finds relevant or material to the investigation."
Paul Merrell

First Unitarian Church of Los Angeles v. NSA | Electronic Frontier Foundation - 0 views

www.eff.org/...arian-church-los-angeles-v-nsa

surveillance state NSA NSA-blowback litigation 1st Amendment EFF

shared by Paul Merrell on 13 Jan 14 - No Cached
  • Twenty-two organizations including Unitarian church groups, gun ownership advocates, and a broad coalition of membership and political advocacy organizations filed suit against the National Security Agency for violating their First Amendment right of association by illegally collecting their call records. The coalition is represented by EFF. At the heart of First Unitarian Church of Los Angeles v. NSA is the bulk telephone records collection program that was confirmed by the publication of an order from the Foreign Intelligence Surveillance Court (FISC) in June of 2013. The Director of National Intelligence (DNI) further confirmed that this formerly secret document was authentic, and part of a broader program to collect all major telecommunications customers’ call history. The order demands wholesale collection of every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for every phone and call for all customers of Verizon for a period of three months. Government officials further confirmed that this was just one of series of orders issued on a rolling basis since at least 2006. First Unitarian v. NSA argues that this spying violates the First Amendment, which protects the freedom to associate and express political views as a group.
  • Twenty-two organizations including Unitarian church groups, gun ownership advocates, and a broad coalition of membership and political advocacy organizations filed suit against the National Security Agency for violating their First Amendment right of association by illegally collecting their call records. The coalition is represented by EFF. At the heart of First Unitarian Church of Los Angeles v. NSA is the bulk telephone records collection program that was confirmed by the publication of an order from the Foreign Intelligence Surveillance Court (FISC) in June of 2013. The Director of National Intelligence (DNI) further confirmed that this formerly secret document was authentic, and part of a broader program to collect all major telecommunications customers’ call history. The order demands wholesale collection of every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for every phone and call for all customers of Verizon for a period of three months. Government officials further confirmed that this was just one of series of orders issued on a rolling basis since at least 2006. First Unitarian v. NSA argues that this spying violates the First Amendment, which protects the freedom to associate and express political views as a group.
  • The case challenges the mass telephone records collection that was confirmed by the FISA Order that was published on June 5, 2013 and confirmed by the Director of National Intelligence (DNI) on June 6, 2013. The DNI confirmed that the collection was “broad in scope” and conducted under the “business records” provision of the Foreign Intelligence Surveillance Act, also known as section 215 of the Patriot Act and 50 U.S.C. section 1861. The facts have long been part of EFF’s Jewel v. NSA case. The case does not include section 702 programs, which includes the recently made public and called the PRISM program or the fiber optic splitter program that is included (along with the telephone records program) in the Jewel v. NSA case. 
  • ...5 more annotations...
  • Our goal is to highlight one of the most important ways that the government collection of telephone records is unconstitutional: it violates the First Amendment right of association. When the government gets access to the phone records of political and activist organizations and their members, it knows who is talking to whom, when, and for how long. This so-called “metadata,” especially when collected in bulk and aggregated, tracks the associations of these organizations. After all, if the government knows that you call the Unitarian Church or Calguns or People for the American Way or Students for Sensible Drug Policy regularly, it has a very good indication that you are a member and it certainly knows that you associate regularly. The law has long recognized that government access to associations can create a chilling effect—people are less likely to associate with organizations when they know the government is watching and when the government can track their associations. 
  • Twenty-two organizations including Unitarian church groups, gun ownership advocates, and a broad coalition of membership and political advocacy organizations filed suit against the National Security Agency for violating their First Amendment right of association by illegally collecting their call records. The coalition is represented by EFF. At the heart of First Unitarian Church of Los Angeles v. NSA is the bulk telephone records collection program that was confirmed by the publication of an order from the Foreign Intelligence Surveillance Court (FISC) in June of 2013. The Director of National Intelligence (DNI) further confirmed that this formerly secret document was authentic, and part of a broader program to collect all major telecommunications customers’ call history. The order demands wholesale collection of every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for every phone and call for all customers of Verizon for a period of three months. Government officials further confirmed that this was just one of series of orders issued on a rolling basis since at least 2006. First Unitarian v. NSA argues that this spying violates the First Amendment, which protects the freedom to associate and express political views as a group.
  • The First Amendment right of association is a well established doctrine that prevents the government “interfering with the right to peaceably assemble or prohibit the petition for a governmental redress of grievances.” The most famous case embracing it is a 1958 Supreme Court Case from the Civil Rights era called  NAACP v. Alabama. In that case the Supreme Court held that it would violate the First Amendment for the NAACP to have to turn over its membership lists in litigation. The right stems from the simple fact that the First Amendment protects the freedom to associate and express political views as a group. This constitutional protection is critical because, as the court noted “[e]ffective advocacy of both public and private points of view, particularly controversial ones, is undeniably enhanced by group association[.]” NAACP v. Alabama, 357 U.S. at 460. As another court noted: the Constitution protects freedom of association to encourage the “advancing ideas and airing grievances” Bates v. City of Little Rock, 361 U.S. 516, 522-23 (1960).
  • The collection and analysis of telephone records give the government a broad window into our associations. The First Amendment protects against this because, as the Supreme Court has recognized, “it may induce members to withdraw from the association and dissuade others from joining it because of fear of exposure of their beliefs shown through their associations and of the consequences of their exposure.” NAACP v. Alabama, 357 U.S. at 462-63. See also Bates, 361 U.S. at 523; Gibson v. Florida Legislative Investigation Comm., 372 U.S. 539 (1963).  Privacy in one’s associational ties is also closely linked to freedom of association: “Inviolability of privacy in group association may in many circumstances be indispensable to preservation of freedom of association, particularly where a group espouses dissident beliefs.” NAACP v. Alabama, 357 U.S. at 462. 
  • The Supreme Court has made clear that infringements on freedom of association may survive constitutional scrutiny only when they “serve compelling state interests, unrelated to the suppression of ideas, that cannot be achieved through means significantly less restrictive of associational freedoms.” Roberts v. United States Jaycees, 468 U.S. 609, 623 (1984); see also NAACP v. Button, 371 U.S. at 341; Knox v. SEIU, Local 1000, 132 S. Ct. 2277, 2291 (2012)  Here, the wholesale collection of telephone records of millions of innocent Americans’ communications records, and thereby collection of their associations, is massively overbroad, regardless of the government’s interest. Thus, the NSA spying program fails under the basic First Amendment tests that have been in place for over fifty years.
  • Paul Merrell on 13 Jan 14
     
    This case is related to EFF's earlier pending case, Jewel v. NSA and has been assigned to Judge Whyte, the same judge who ruled earlier in Jewel that the State Secrets Privilege does not apply to NSA's call metadata "haystack." The plaintiffs are 22 different groups who would make strange bedfellows indeed, except in opposition to government surveillance and repression. 
Paul Merrell

EU high court strikes down metadata collection law | Ars Technica - 0 views

arstechnica.com/...s-down-metadata-collection-law

surveillance state E.U. law data-retention digital-privacy litigation

shared by Paul Merrell on 09 Apr 14 - No Cached
  • While the United States continues to debate metadata collection conducted in secret by the National Security Agency, the European Union has been openly collecting the same sort of data for eight years. In the wake of terrorist attacks in Madrid (2004) and London (2005), the European Union passed a directive in 2006 requiring that all telecommunications providers retain all kinds of telephone and Internet metadata for at least six months and provide it to law enforcement upon request. According to a ruling handed down Tuesday by the European Court of Justice, that directive is now invalid. The case was brought by activists at Digital Rights Ireland and the Austrian Working Group on Data Retention. The two organizations had challenged the law as it had been imposed in their respective countries.
  • While the United States continues to debate metadata collection conducted in secret by the National Security Agency, the European Union has been openly collecting the same sort of data for eight years. In the wake of terrorist attacks in Madrid (2004) and London (2005), the European Union passed a directive in 2006 requiring that all telecommunications providers retain all kinds of telephone and Internet metadata for at least six months and provide it to law enforcement upon request. According to a ruling handed down Tuesday by the European Court of Justice, that directive is now invalid. The case was brought by activists at Digital Rights Ireland and the Austrian Working Group on Data Retention. The two organizations had challenged the law as it had been imposed in their respective countries.
  • The European judges concluded: The Court takes the view that, by requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data. Furthermore, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the persons concerned a feeling that their private lives are the subject of constant surveillance. . . . Although the retention of data required by the directive may be considered to be appropriate for attaining the objective pursued by it, the wide-ranging and particularly serious interference of the directive with the fundamental rights at issue is not sufficiently circumscribed to ensure that that interference is actually limited to what is strictly necessary.
Paul Merrell

NSA program stopped no terror attacks, says White House panel member - Investigations - 0 views

investigations.nbcnews.com/...-says-white-house-panel-member

surveillance state NSA NSA-blowback Obama call-metadata

shared by Paul Merrell on 21 Dec 13 - No Cached
  • A member of the White House review panel on NSA surveillance said he was “absolutely” surprised when he discovered the agency’s lack of evidence that the bulk collection of telephone call records had thwarted any terrorist attacks.
  • “It was, ‘Huh, hello? What are we doing here?’” said Geoffrey Stone, a University of Chicago law professor, in an interview with NBC News. “The results were very thin.”While Stone said the mass collection of telephone call records was a “logical program” from the NSA’s perspective, one question the White House panel was seeking to answer was whether it had actually stopped “any [terror attacks] that might have been really big.” Advertise | AdChoices “We found none,” said Stone. Under the NSA program, first revealed by ex-contractor Edward Snowden, the agency collects in bulk the records of the time and duration of phone calls made by persons inside the United States.Stone was one of five members of the White House review panel – and the only one without any intelligence community experience – that this week produced a sweeping report recommending that the NSA’s collection of phone call records be terminated to protect Americans’ privacy rights.The panel made that recommendation after concluding that the program was “not essential in preventing attacks.”“That was stunning. That was the ballgame,” said one congressional intelligence official, who asked not to be publicly identified. “It flies in the face of everything that they have tossed at us.”
  • The conclusions of the panel’s reports were at direct odds with public statements by President Barack Obama and U.S. intelligence officials. “Lives have been saved,” Obama told reporters last June, referring to the bulk collection program and another program that intercepts communications overseas. “We know of at least 50 threats that have been averted because of this information.”
  • ...3 more annotations...
  • But in one little-noticed footnote in its report, the White House panel said the telephone records collection program – known as Section 215, based on the provision of the U.S. Patriot Act that provided the legal basis for it – had made “only a modest contribution to the nation’s security.” The report said that “there has been no instance in which NSA could say with confidence that the outcome [of a terror investigation] would have been any different” without the program. Advertise | AdChoices The panel’s findings echoed that of U.S. Judge Richard Leon, who in a ruling this week found the bulk collection program to be unconstitutional. Leon said that government officials were unable to cite “a single instance in which analysis of the NSA’s bulk collection metadata collection actually stopped an imminent attack, or otherwise aided the Government in achieving any objective that was time-sensitive in nature.” 
  • Stone declined to comment on the accuracy of public statements by U.S. intelligence officials about the telephone collection program, but said that when they referred to successes they seemed to be mixing the results of domestic metadata collection with the intelligence derived from the separate, and less controversial, NSA program, known as 702, to intercept communications overseas.The comparison between 702 overseas interceptions and 215 bulk metadata collection was “night and day,” said Stone. “With 702, the record is very impressive. It’s no doubt the nation is safer and spared potential attacks because of 702. There was nothing like that for 215. We asked the question and they [the NSA] gave us the data. They were very straight about it.”He also said one reason the telephone records program is not effective is because, contrary to the claims of critics, it actually does not collect a record of every American’s phone call. Although the NSA does collect metadata from major telecommunications carriers such as Verizon and AT&T, there are many smaller carriers from which it collects nothing. Asked if the NSA was collecting the records of 75 percent of phone calls, an estimate that has been used in briefings to Congress , Stone said the real number was classified but “not anything close to that” and far lower.
  • When panel members asked NSA officials why they didn’t expand the program to include smaller carriers, the answer they gave was “money,” Stone said. “They were setting financial priorities,” said Stone, and that was “really revealing” about how useful the bulk collection of telephone calls really was.An NSA spokeswoman declined to comment on any aspect of the panel’s report, saying the agency was deferring to the White House. Asked Wednesday about the surveillance panel’s conclusions about telephone record collection, White House press secretary Jay Carney said that “the president does still believe and knows that this program is an important piece of the overall efforts that we engage in to combat threats against the lives of American citizens and threats to our overall national security.”
  • Paul Merrell on 21 Dec 13
     
    Obama still believes "this program is an important piece of the overall efforts?" Whew! 
Paul Merrell

FindLaw | Cases and Codes - 0 views

caselaw.lp.findlaw.com/...getcase.pl

surveillance state NSA pen-register 4th Amendment

shared by Paul Merrell on 20 Jun 13 - No Cached
  • SMITH v. MARYLAND, 442 U.S. 735 (1979)
  • The telephone company, at police request, installed at its central offices a pen register to record the numbers dialed from the telephone at petitioner's home. Prior to his robbery trial, petitioner moved to suppress "all fruits derived from" the pen register. The Maryland trial court denied this motion, holding that the warrantless installation of the pen register did not violate the Fourth Amendment. Petitioner was convicted, and the Maryland Court of Appeals affirmed. Held: The installation and use of the pen register was not a "search" within the meaning of the Fourth Amendment, and hence no warrant was required. Pp. 739-746. (a) Application of the Fourth Amendment depends on whether the person invoking its protection can claim a "legitimate expectation of privacy" that has been invaded by government action. This inquiry normally embraces two questions: first, whether the individual has exhibited an actual (subjective) expectation of privacy; and second, whether his expectation is one that society is prepared to recognize as "reasonable." Katz v. United States, 389 U.S. 347 . Pp. 739-741.
  • (b) Petitioner in all probability entertained no actual expectation of privacy in the phone numbers he dialed, and even if he did, his expectation was not "legitimate." First, it is doubtful that telephone users in general have any expectation of privacy regarding the numbers they dial, since they typically know that they must convey phone numbers to the telephone company and that the company has facilities for recording this information and does in fact record it for various legitimate business purposes. And petitioner did not demonstrate an expectation of privacy merely by using his home phone rather than some other phone, since his conduct, although perhaps calculated to keep the contents of his conversation private, was not calculated to preserve the privacy of the number he dialed. Second, even if petitioner did harbor some subjective expectation of privacy, this expectation was not one that society is prepared to recognize as "reasonable." When petitioner voluntarily conveyed numerical information to the phone company and "exposed" that information to its equipment in the normal course of business, he assumed the risk that the company would reveal the information [442 U.S. 735, 736]   to the police, cf. United States v. Miller, 425 U.S. 435 . Pp. 741-746. 283 Md. 156, 389 A. 2d 858, affirmed.
  • Paul Merrell on 20 Jun 13
     
    The Washington Post has reported that "on July 15 [2001], the secret surveillance court allowed the NSA to resume bulk collection under the court's own authority. The opinion, which remains highly classified, was based on a provision of electronic surveillance law, known as "pen register, trap and trace," that was written to allow law enforcement officers to obtain the phone numbers of incoming and outgoing calls from a single telephone line." .  The seminal case on pen registers is the Supreme Court's 1979 Smith v. Maryland decision, bookmarked here and the Clerk's syllabus highlighted, with the Court's discussion on the same web page. We will be hearing a lot about this case decision in the weeks and months to come.  Let it suffice for now to record a few points of what my antenna are telling me:  -- Both technology and the law have moved on since then. We are 34 years down the line from the Smith decision. Its pronouncements have been sliced and diced by subsequent decisions. Not a single Justice who sat on the Smith case is still on the High Bench.   -- In Smith, a single pen register was used to obtain calling information from a single telephone number by law enforcement officials. In the present circumstance, we face an Orwellian situation of a secret intelligence agency with no law enforcement authority forbidden by law from conducting domestic surveillance perusing and all digital communications of the entire citizenry. -- The NSA has been gathering not only information analogous to pen register results but also the communications of American citizens themselves. The communications themselves --- the contents --- are subject to the 4th Amendment warrant requirement. Consider the circuitous route of the records ordered to be disclosed in the Verizon FISA order. Verizon was ordered to disclose them to the FBI, not to the NSA. But then the FBI apparently forwards the records to the NSA, who has both the "pen register
Paul Merrell

Spy Chief James Clapper Wins Rosemary Award - 0 views

www2.gwu.edu/...20140324

surveillance state NSA Rosemary-Award Obama Clapper Alexander

shared by Paul Merrell on 24 Mar 14 - No Cached
  • Director of National Intelligence James Clapper has won the infamous Rosemary Award for worst open government performance in 2013, according to the citation published today by the National Security Archive at www.nsarchive.org. Despite heavy competition, Clapper's "No, sir" lie to Senator Ron Wyden's question: "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" sealed his receipt of the dubious achievement award, which cites the vastly excessive secrecy of the entire U.S. surveillance establishment. The Rosemary Award citation leads with what Clapper later called the "least untruthful" answer possible to congressional questions about the secret bulk collection of Americans' phone call data. It further cites other Clapper claims later proved false, such as his 2012 statement that "we don't hold data on U.S. citizens." But the Award also recognizes Clapper's fellow secrecy fetishists and enablers, including:
  • Gen. Keith Alexander, director of the NSA, for multiple Rose Mary Woods-type stretches, such as (1) claiming that the secret bulk collection prevented 54 terrorist plots against the U.S. when the actual number, according to the congressionally-established Privacy and Civil Liberties Oversight Board (PCLOB) investigation (pp. 145-153), is zero; (2) his 2009 declaration to the wiretap court that multiple NSA violations of the court's orders arose from differences over "terminology," an explanation which the chief judge said "strains credulity;" and (3) public statements by the NSA about its programs that had to be taken down from its website for inaccuracies (see Documents 78, 85, 87 in The Snowden Affair), along with public statements by other top NSA officials now known to be untrue (see "Remarks of Rajesh De," NSA General Counsel, Document 53 in The Snowden Affair).
  • Robert Mueller, former FBI director, for suggesting (as have Gen. Alexander and many others) that the secret bulk collection program might have been able to prevent the 9/11 attacks, when the 9/11 Commission found explicitly the problem was not lack of data points, but failing to connect the many dots the intelligence community already had about the would-be hijackers living in San Diego. The National Security Division lawyers at the Justice Department, for misleading their own Solicitor General (Donald Verrilli) who then misled (inadvertently) the U.S. Supreme Court over whether Justice let defendants know that bulk collection had contributed to their prosecutions. The same National Security Division lawyers who swore under oath in the Electronic Frontier Foundation's Freedom of Information Act lawsuit for a key wiretap court opinion that the entire text of the opinion was appropriately classified Top Secret/Sensitive Compartmented Information (release of which would cause "exceptionally grave damage" to U.S. national security). Only after the Edward Snowden leaks and the embarrassed governmental declassification of the opinion did we find that one key part of the opinion's text simply reproduced the actual language of the 4th Amendment to the U.S. Constitution, and the only "grave damage" was to the government's false claims.
  • ...9 more annotations...
  • President Obama for his repeated misrepresentations about the bulk collection program (calling the wiretap court "transparent" and saying "all of Congress" knew "exactly how this program works") while in effect acknowledging the public value of the Edward Snowden leaks by ordering the long-overdue declassification of key documents about the NSA's activities, and investigations both by a special panel and by the Privacy and Civil Liberties Oversight Board. The PCLOB directly contradicted the President, pointing out that "when the only means through which legislators can try to understand a prior interpretation of the law is to read a short description of an operational program, prepared by executive branch officials, made available only at certain times and locations, which cannot be discussed with others except in classified briefings conducted by those same executive branch officials, legislators are denied a meaningful opportunity to gauge the legitimacy and implications of the legal interpretation in question. Under such circumstances, it is not a legitimate method of statutory construction to presume that these legislators, when reenacting the statute, intended to adopt a prior interpretation that they had no fair means of evaluating." (p. 101)
  • Even an author of the Patriot Act, Rep. Jim Sensenbrenner (R-WI), was broadsided by the revelation of the telephone metadata dragnet. After learning of the extent of spying on Americans that his Act unleashed, he wrote that the National Security Agency "ignored restrictions painstakingly crafted by lawmakers and assumed plenary authority never imagined by Congress" by cloaking its actions behind the "thick cloud of secrecy" that even our elected representatives could not breech. Clapper recently conceded to the Daily Beast, "I probably shouldn't say this, but I will. Had we been transparent about this [phone metadata collection] from the outset … we wouldn't have had the problem we had." The NSA's former deputy director, John "Chris" Inglis, said the same when NPR asked him if he thought the metadata dragnet should have been disclosed before Snowden. "In hindsight, yes. In hindsight, yes." Speaking about potential (relatively minimal) changes to the National Security Agency even the president acknowledged, "And all too often new authorities were instituted without adequate public debate," and "Given the unique power of the state, it is not enough for leaders to say: Trust us. We won't abuse the data we collect. For history has too many examples when that trust has been breached." (Exhibit A, of course, is the NSA "watchlist" in the 1960's and 1970's that targeted not only antiwar and civil rights activists, but also journalists and even members of Congress.)
  • The Archive established the not-so-coveted Rosemary Award in 2005, named after President Nixon's secretary, Rose Mary Woods, who testified she had erased 18-and-a-half minutes of a crucial Watergate tape — stretching, as she showed photographers, to answer the phone with her foot still on the transcription pedal. Bestowed annually to highlight the lowlights of government secrecy, the Rosemary Award has recognized a rogue's gallery of open government scofflaws, including the CIA, the Treasury Department, the Air Force, the FBI, the Federal Chief Information Officers' Council, and the career Rosemary leader — the Justice Department — for the last two years. Rosemary-winner James Clapper has offered several explanations for his untruthful disavowal of the National Security Agency's phone metadata dragnet. After his lie was exposed by the Edward Snowden revelations, Clapper first complained to NBC's Andrea Mitchell that the question about the NSA's surveillance of Americans was unfair, a — in his words — "When are you going to stop beating your wife kind of question." So, he responded "in what I thought was the most truthful, or least untruthful, manner by saying 'no.'"
  • The Emmy and George Polk Award-winning National Security Archive, based at the George Washington University, has carried out thirteen government-wide audits of FOIA performance, filed more than 50,000 Freedom of Information Act requests over the past 28 years, opened historic government secrets ranging from the CIA's "Family Jewels" to documents about the testing of stealth aircraft at Area 51, and won a series of historic lawsuits that saved hundreds of millions of White House e-mails from the Reagan through Obama presidencies, among many other achievements.
  • After continuing criticism for his lie, Clapper wrote a letter to Chairman of the Senate Select Committee on Intelligence Dianne Feinstein, now explaining that he misunderstood Wyden's question and thought it was about the PRISM program (under Section 702 of the Foreign Intelligence Surveillance Act) rather than the telephone metadata collection program (under Section 215 of the Patriot Act). Clapper wrote that his staff "acknowledged the error" to Senator Wyden soon after — yet he chose to reject Wyden's offer to amend his answer. Former NSA senior counsel Joel Brenner blamed Congress for even asking the question, claiming that Wyden "sandbagged" Clapper by the "vicious tactic" of asking "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" Meanwhile, Steve Aftergood of the Federation of American Scientists countered that "it is of course wrong for officials to make false statements, as DNI Clapper did," and that in fact the Senate Intelligence Committee "became complicit in public deception" for failing to rebut or correct Clapper's statement, which they knew to be untruthful. Clapper described his unclassified testimony as a game of "stump the chump." But when it came to oversight of the National Security Agency, it appears that senators and representatives were the chumps being stumped. According to Representative Justin Amash (R-Mich), the House Intelligence Committee "decided it wasn't worthwhile to share this information" about telephone metadata surveillance with other members of Congress. Classified briefings open to the whole House were a "farce," Amash contended, often consisting of information found in newspapers and public statutes.
  • Director Clapper joins an undistinguished list of previous Rosemary Award winners: 2012 - the Justice Department (in a repeat performance, for failure to update FOIA regulations for compliance with the law, undermining congressional intent, and hyping its open government statistics) 2011- the Justice Department (for doing more than any other agency to eviscerate President Obama's Day One transparency pledge, through pit-bull whistleblower prosecutions, recycled secrecy arguments in court cases, retrograde FOIA regulations, and mixed FOIA responsiveness) 2010 - the Federal Chief Information Officers' Council (for "lifetime failure" to address the crisis in government e-mail preservation) 2009 - the FBI (for having a record-setting rate of "no records" responses to FOIA requests) 2008 - the Treasury Department (for shredding FOIA requests and delaying responses for decades) 2007 - the Air Force (for disappearing its FOIA requests and having "failed miserably" to meet its FOIA obligations, according to a federal court ruling) 2006 - the Central Intelligence Agency (for the biggest one-year drop-off in responsiveness to FOIA requests yet recorded).   ALSO-RANS The Rosemary Award competition in 2013 was fierce, with a host of government contenders threatening to surpass the Clapper "least untruthful" standard. These secrecy over-achievers included the following FOI delinquents:
  • Admiral William McRaven, head of the Special Operations Command for the raid that killed Osama Bin Laden, who purged his command's computers and file cabinets of all records on the raid, sent any remaining copies over to CIA where they would be effectively immune from the FOIA, and then masterminded a "no records" response to the Associated Press when the AP reporters filed FOIA requests for raid-related materials and photos. If not for a one-sentence mention in a leaked draft inspector general report — which the IG deleted for the final version — no one would have been the wiser about McRaven's shell game. Subsequently, a FOIA lawsuit by Judicial Watch uncovered the sole remaining e-mail from McRaven ordering the evidence destruction, in apparent violation of federal records laws, a felony for which the Admiral seems to have paid no price. Department of Defense classification reviewers who censored from a 1962 document on the Cuban Missile Crisis direct quotes from public statements by Soviet Premier Nikita Khrushchev. The quotes referred to the U.S. Jupiter missiles in Turkey that would ultimately (and secretly) be pulled out in exchange for Soviet withdrawal of its missiles in Cuba. The denials even occurred after an appeal by the National Security Archive, which provided as supporting material the text of the Khrushchev statements and multiple other officially declassified documents (and photographs!) describing the Jupiters in Turkey. Such absurd classification decisions call into question all of the standards used by the Pentagon and the National Declassification Center to review historical documents.
  • Admiral William McRaven memo from May 13, 2011, ordering the destruction of evidence relating to the Osama bin Laden raid. (From Judicial Watch)
  • The Department of Justice Office of Information Policy, which continues to misrepresent to Congress the government's FOIA performance, while enabling dramatic increases in the number of times government agencies invoke the purely discretionary "deliberative process" exemption. Five years after President Obama declared a "presumption of openness" for FOIA requests, Justice lawyers still cannot show a single case of FOIA litigation in which the purported new standards (including orders from their own boss, Attorney General Eric Holder) have caused the Department to change its position in favor of disclosure.
Paul Merrell

Feds confirm Bush-era e-mail surveillance - POLITICO.com - 0 views

www.politico.com/...email-surveillance-185283.html

surveillance state NSA Bush-II email digital-privacy

shared by Paul Merrell on 20 Mar 14 - No Cached
  • The U.S. government has acknowledged that it swept up huge volumes of data from emails in the U.S. for several years without any court approval, based solely on the orders of former President George W. Bush. In a court filings on Monday, government lawyers said that the Internet program ran in parallel with a program gathering so-called metadata about telephone calls. The counterterrorism efforts operated under presidential authority before a judge approved them in July 2004, said a 2007 court filing made public Monday by the Justice Department (and posted here.)
  • "After the 9/11 attacks and pursuant to an authorization of the President, [redacted] the NSA [redacted] the bulk collection of non-content information about  telephone calls and Internet communications (hereafter 'metadata') activities that enable the NSA to uncover the contacts [redacted] of members or agents of al Qaeda or affiliated terrorist organizations," a senior NSA official wrote in an October 2007 declaration originally filed under seal as part of an effort to defeat litigation about the snooping Bush ordered. "Specifically, the President authorized the the NSA to collect metadata related to Internet communications for the purpose of conducting targeted analysis to track Al Qaeda-related networks. Internet metadata is header/router/addressing information, such as the 'to,' 'from,' 'cc,' and 'bcc' lines, as opposed to the body or 're' lines, of a standard e-mail. Since July 2004, the collection of Internet metadata has been conducted pursuant to an Order of the Foreign Intelligence Surveillance Court," the still-unidentified official from NSA's Signals Intelligence Directorate continued. The email program was effectively public since June of last year, after contractor Edward Snowden leaked a top-secret National Security Agency inspector general report that described the program.
  • FISC Judge Colleen Kollar-Kotelly's opinion approving the surveillance was officially released in November 2013. However, the date she issued it was redacted. Many surmised that her opinion followed a dust-up in March 2004, when then-Deputy Attorney General James Comey questioned the legality of some aspect of Bush's post-9/11 surveillance programs and refused to reauthorize that portion of the surveillance. Comey's refusal is said to have put the program into turmoil for a period of months, until officials sought and won the order from Kollar-Kotelly blessing the gathering of both the email and telephone metadata. The publicly released version of Kollar-Kotelly's opinion does not discuss the operation of the program during the period before the application for court approval. The filings Monday came in continuing legal wrangling over obligations pending lawsuits may create for the NSA to hang on to aging metadata that it would ordinarily have been required to erase under FISC orders. A federal judge in San Francisco has required that the NSA preserve that data, at least for now, rather than erasing it.
Paul Merrell

NSA Will Destroy Archived Metadata When Program Stops - 0 views

firstlook.org/...rchived-metadata-program-stops

surveillance state telephone-metadata purge pending-litigation

shared by Paul Merrell on 28 Jul 15 - No Cached
  • Four months from now, at the same time that the National Security Agency finally abandons the massive domestic telephone dragnet exposed by whistleblower Edward Snowden, it will also stop perusing the vast archive of data collected by the program. The NSA announced on Monday that it will expunge all the telephone metadata it previously swept up, citing Section 215 of the U.S.A Patriot Act. The program was ruled illegal by a federal appeals court in May. In June, Congress voted to end the program, but gave the NSA until the end of November to phase it out. The historical metadata —  records of American phone calls showing who called who, when, and for how long — will be put out of the reach of analysts on November 29, although technical personnel will have access for three more months. The program started 14 years ago, and operated under rules requiring data be retained for five years, and then destroyed.
  • The only possible hold-up, ironically, would be if any of the civil lawsuits prompted by the program prohibit the destruction of the data. “The telephony metadata” will be “preserved solely because of preservation obligations in pending civil litigation,” the Office of the Director of National Intelligence announced. “As soon as possible, NSA will destroy the Section 215 bulk telephony metadata upon expiration of its litigation preservation obligations.” ACLU staff attorney Alex Abdo told The Intercept his organization is “pleased that the NSA intends to purge the call records it has collected illegally.” But, he added: “Even with today’s pledge, the devil may be in the details.”
Paul Merrell

Why AT&T's Surveillance Report Omits 80 Million NSA Targets | Threat Level | Wired.com - 0 views

www.wired.com/...ma-bell-non-transparency

surveillance state NSA transparency Obama AT&T

shared by Paul Merrell on 24 Feb 14 - No Cached
  • AT&T this week released for the first time in the phone company’s 140-year history a rough accounting of how often the U.S. government secretly demands records on telephone customers. But to those who’ve been following the National Security Agency leaks, Ma Bell’s numbers come up short by more than 80 million spied-upon Americans. AT&T’s transparency report counts 301,816 total requests for information — spread between subpoenas, court orders and search warrants — in 2013. That includes between 2,000 and 4,000 under the category “national security demands,” which collectively gathered information on about 39,000 to 42,000 different accounts. There was a time when that number would have seemed high. Today, it’s suspiciously low, given the disclosures by whistleblower Edward Snowden about the NSA’s bulk metadata program. We now know that the secretive Foreign Intelligence Surveillance Court is ordering the major telecoms to provide the NSA a firehose of metadata covering every phone call that crosses their networks. An accurate transparency report should include a line indicating that AT&T has turned over information on each and every one of its more than 80 million-plus customers. It doesn’t.
  • That’s particularly ironic, given that it was Snowden’s revelations about this so-called “Section 215″ metadata spying that paved the way for the transparency report. In Snowden’s wake, technology companies pushed President Barack Obama to craft new rules allowing them to be more transparent about how much customer data they’re forced to provide the NSA and other agencies. In a Jan. 17 globally televised speech, Obama finally agreed. We will also enable communications providers to make public more information than ever before about the orders they have received to provide data to the government. But when the new transparency guidelines came out on Jan. 27, the language left it unclear whether discussing bulk collection was allowed, says Alex Abdo, an American Civil Liberties Union staff attorney. AT&T on Monday became the first phone company to release a transparency report under the new rules, and the results seem to confirm that the metadata collection is still meant to stay secret. “This transparency report confirmed our fear that the DOJ’s apparent concession was carefully crafted to prevent real transparency,” Abdo says. “If they want real transparency, they would allow the disclosure of the bulk telephone metadata program.”
  • The guidelines allow for the disclosure, in chunks of 1,000, of “the number of customer selectors [phone numbers] targeted under FISA non-content orders.” Since the bulk metadata collection doesn’t “target” any “selectors” it is, by definition, not subject to disclosure. This loophole is no accident of phrasing. In other sections of the guidelines covering National Security Letters — a type of subpoena that doesn’t require a judge’s signature — Obama allows disclosure of the “number of customer accounts affected.” If the guidelines used that same language for the FISA disclosures, AT&T’s transparency report would presumably disclose that more than 80 million customers — that would be all of AT&T’s customers — had been spied upon. The end result, observes Kevin Bankston, the policy director of the New America Foundation’s Open Technology Institute, is that Obama’s so-called reform has spawned a misleading report that provides false comfort to AT&T customers — and all Americans.
Paul Merrell

The NSA says it 'obviously' can track locations without a warrant. That's not so obvious. - 0 views

www.washingtonpost.com/...a-warrant-thats-not-so-obvious

surveillance state NSA NSA-targets location-data constitutional law

shared by Paul Merrell on 05 Dec 13 - No Cached
  • In conversations with The Washington Post over Barton Gellman and Ashkan Soltani's recent story on cellphone location tracking, an intelligence agency lawyer told Gellman, "obviously there is no Fourth Amendment expectation in communications metadata.” But some experts say it's far from obvious that the 1979 Supreme Court case on which the administration bases this view gives the government unfettered power to scoop up Americans' cellphone location data.
  • And there's some reason to believe that a majority of the current Supreme Court justices might agree with her on the location data aspect of metadata. The most recent Supreme Court case involving location tracking, United States v. Jones was settled on narrow trespassing grounds in 2012. But five Supreme Court justices signed on to concurring opinions that questioned whether Smith v. Maryland holds up in the face of modern technology.  An opinion concurring in judgment with the Jones decision written by Justice Samuel Alito, and joined by Justices Ruth Bader Ginsburg, Stephen Breyer and Elena Kagan specifically noted the prevalence of smartphones and argued that "the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy."
  • A separate concurring opinion from a fifth justice, Sonia Sotomayor made many of the same arguments, saying "fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties" -- and even went further by arguing that "awareness that the Government may be watching chills associational and expressive freedoms."
  • Paul Merrell on 05 Dec 13
     
    A Supreme Court majority also specifically reserved judgment on whether the principles of Smith v. Maryland would apply in cases involving dragnet surveillance, specifically referring to Smith, in the case of Amnesty International v. Clapper, last year. Both Amnesty Int'l  and Jones were decided before revelations of widespread NSA surveillance broke beginning in June, 2013. Since then, the mood of the nation has changed enormously, from ignorant to informed and mostly objecting.  That factor will weigh heavily in the Supreme Court's inevitable decision on whether dragnet seizure of call metadata is constitutional.   So it takes some chutzpah for government lawyers to claim that Smith v. Maryland authorized warrantless gathering of telephone metadata in the dragnet context where no single person is suspected of a crime. The Supreme Court has never so held. At stake: whether we become an Orwellian state.
Paul Merrell

The Rutherford Institute :: A Historic Analysis of the Fourth Amendment's Reasonable Ex... - 0 views

www.rutherford.org/...reasonable_expectations_of_pri

surveillance state NSA constitutional law 4th Amendment call-metadata legalres

shared by Paul Merrell on 23 May 14 - No Cached
  • In June 2013, the Guardian newspaper, utilizing documents disclosed by Edward Snowden, a former employee of a National Security Agency (NSA) contractor, reported that the FBI had obtained a ninety-day order from the Foreign Intelligence Surveillance Court (FISC) requiring Verizon Business to provide the NSA daily so-called telephone metadata on all their customers’ communications, although none were suspected of a connection with international terrorism or other wrongdoing. Later public revelations established that the order had been renewed thirty-six times since May 2006, and that companion FISC orders had been directed to all major telecommunications companies. This unprecedented intrusion into the activities that citizens heretofore considered private and personal is effected without any suspicion and without any limitation to information related to some known threat from a foreign actor considered dangerous to the United States. While the FISC has uniformly upheld the constitutionality of the dragnet telephony metadata and search program of the NSA in non-adversary proceedings, Article III courts are divided at present. The United States Supreme Court has recently declared that the Fourth Amendment should be interpreted today to secure the same level of privacy protection as was reasonably expected of citizens when the Amendment was ratified in 1792. In making that assessment, law enforcement resources, investigative priorities, and technological and jurisdictional limitations on the government are all pertinent. As elaborated in the analysis linked below, the historical interpretation of the Fourth Amendment’s privacy guarantees suggests that the NSA’s bulk collection of telephone metadata violates the Constitution.   Click here to view The Rutherford Institute's historic analysis of the Fourth Amendment as it relates to the NSA's surveillance activities.
  • Paul Merrell on 23 May 14
     
    Lengthy historical analysis of the Fourth Amendment as applied to NSA gathering of call metadata, concluding that the Amendment has been violated.
Gary Edwards

XKeyscore: NSA tool collects 'nearly everything a user does on the internet' | World ne... - 1 views

www.theguardian.com/...top-secret-program-online-data

Edward-Snowden Glenn-Greenwald NSA NSA-Patriot-Act-NDAA NSA-Whistleblower

shared by Gary Edwards on 01 Aug 13 - No Cached
  • The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight.
  • The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10
  • "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email".
  • ...23 more annotations...
  • US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do."
  • But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed.
  • XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata.
  • Analysts can also use XKeyscore and other NSA systems to obtain ongoing "real-time" interception of an individual's internet activity.
  • Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a 'US person', though no such warrant is required for intercepting the communications of Americans with foreign targets.
  • But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.
  • One training slide illustrates the digital activity constantly being collected by XKeyscore and the analyst's ability to query the databases at any time.
  • The purpose of XKeyscore is to allow analysts to search the metadata as well as the content of emails and other internet activity, such as browser history, even when there is no known email account (a "selector" in NSA parlance) associated with the individual being targeted.
  • Analysts can also search by name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.
  • One document notes that this is because "strong selection [search by email address] itself gives us only a very limited capability" because "a large amount of time spent on the web is performing actions that are anonymous."
  • Email monitoring
  • One top-secret document describes how the program "searches within bodies of emails, webpages and documents", including the "To, From, CC, BCC lines" and the 'Contact Us' pages on websites".
  • To search for emails, an analyst using XKS enters the individual's email address into a simple online search form, along with the "justification" for the search and the time period for which the emails are sought.
  • One document, a top secret 2010 guide describing the training received by NSA analysts for general surveillance under the Fisa Amendments Act of 2008, explains that analysts can begin surveillance on anyone by clicking a few simple pull-down menus designed to provide both legal and targeting justifications.
  • Once options on the pull-down menus are selected, their target is marked for electronic surveillance and the analyst is able to review the content of their communications:
  • Chats, browsing history and other internet activity
  • Beyond emails, the XKeyscore system allows analysts to monitor a virtually unlimited array of other internet activities, including those within social media.
  • An NSA tool called DNI Presenter, used to read the content of stored emails, also enables an analyst using XKeyscore to read the content of Facebook chats or private messages.
  • The XKeyscore program also allows an analyst to learn the IP addresses of every person who visits any website the analyst specifies.
  • The quantity of communications accessible through programs such as XKeyscore is staggeringly large. One NSA report from 2007 estimated that there were 850bn "call events" collected and stored in the NSA databases, and close to 150bn internet records. Each day, the document says, 1-2bn records were added.
  • William Binney, a former NSA mathematician, said last year that the agency had "assembled on the order of 20tn transactions about US citizens with other US citizens", an estimate, he said, that "only was involving phone calls and emails". A 2010 Washington Post article reported that "every day, collection systems at the [NSA] intercept and store 1.7bn emails, phone calls and other type of communications."
  • The ACLU's deputy legal director, Jameel Jaffer, told the Guardian last month that national security officials expressly said that a primary purpose of the new law was to enable them to collect large amounts of Americans' communications without individualized warrants.
  • "The government doesn't need to 'target' Americans in order to collect huge volumes of their communications," said Jaffer. "The government inevitably sweeps up the communications of many Americans" when targeting foreign nationals for surveillance.
  • Gary Edwards on 01 Aug 13
     
    "One presentation claims the XKeyscore program covers 'nearly everything a typical user does on the internet' ................................................................. A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden. The NSA boasts in training materials that the program, called XKeyscore, is its "widest-reaching" system for developing intelligence from the internet. The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight. The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10. "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email". US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do." But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks - what the agency calls Digital Network Intelligence (DNI). One
  • Paul Merrell on 02 Aug 13
     
    "But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. " Note in that regard that Snowden said in an earlier interview that use of this system rarely was audited and that when audited, the most common request if changes were requested was to beef up the justification for the search. The XScore system puts the lie to just about everything the Administration has claimed about intense oversight by all three branches of federal government and about not reading emails or listening to (Skype) phone calls. The lies keep stacking up in an ever-deepening pile.
Paul Merrell

Customer proprietary network information - Wikipedia, the free encyclopedia - 0 views

en.wikipedia.org/...roprietary_network_information

security state call-metadata 4th Amendment

shared by Paul Merrell on 06 Jan 14 - No Cached
  • Customer proprietary network information (CPNI) is the data collected by telecommunications companies about a consumer's telephone calls. It includes the time, date, duration and destination number of each call, the type of network a consumer subscribes to, and any other information that appears on the consumer's telephone bill. Telemarketers working on behalf of telephone companies, attempting to either win back a customer or upsell a customer with more services, must ask the customer's consent before accessing the billing information or before using that information to offer an upsell or any change of services. Usually this is done at the beginning of a call from the telemarketer to the telephone subscriber.
  • Note that as long as an affiliate is "communications" related, the FCC has ruled that CPNI is under an opt-out approach (can be shared without your explicit permission). A phone company is permitted to sell all information on you, such as numbers you call, when you called them, where you were when you called them, or any other personally identifying information. CPNI would normally require a warrant for law enforcement agencies, but it can be freely sold to "communications" related companies. One can verify this by checking rule 64.2007(b)(1) and footnote 137 in the 2007 CPNI order. One can call up a phone company and opt out by requesting that they do not share CPNI information. In the case of
  • The U.S. Telecommunications Act of 1996 granted the Federal Communications Commission (FCC) authority to regulate how customer proprietary network information (CPNI) can be used and to enforce related consumer information privacy provisions. The rules in the 2007 FCC CPNI Order further restrict CPNI use and create new notification and reporting requirements. The rules in the 2007 CPNI Order include: Limits the information which carriers may provide to third-party marketing firms without first securing the affirmative consent of their customers Defines when and how customer service representatives may share call details Creates new notification and reporting obligations for carriers (including identity verification procedures) Verification process must MATCH what is shown with the company placing the call.
  • ...1 more annotation...
  • The 2007 CPNI Order does not revise all CPNI rules. For example, the rule revisions adopted in the Order do not limit a carrier's ability to use CPNI to perform billing and collections functions, restrict CPNI use to effect maintenance and repair activity, or impact responses to lawful subpoenas. Fines for failure to comply with CPNI rules can be substantial. Since 2006, the FCC, focusing on one rule regarding internal annual compliance certificates, proposed over $1 million in fines and those fines are not necessarily indicative of the fines the FCC could propose. The FCC is authorized to impose fines of up to $150,000 for each rule violation or each day of a continuing violation up to a maximum of $1.5 million for each continuing violation.[1] The rules adopted in the Order are effective either six months after the Order is published in the Federal Register or on receipt of Office of Management and Budget approval of the new rules depending on which event is later. (Order at ¶61)
  • Paul Merrell on 06 Jan 14
     
    A term that may become controversial in the context of pending cases under the 4th Amendment against NSA surveillance, going to the "reasonableness" of a customer's expectation of privacy in call metadata.
Gary Edwards

Told Ya So: NSA's Collection Of Metadata Is Screamingly Illegal - Forbes - 1 views

www.forbes.com/...2

NSA-Patriot-Act-NDAA Edward-Snowden

shared by Gary Edwards on 27 Jan 14 - No Cached
  • The PCLOB disagrees.  While “the matter is not free from doubt, we believe that these decisions are wrong. ‘[I]t is a commonplace of statutory construction that the specific governs the general,’ the Supreme Court has said.” If Congress said telephone companies can share customer data in specific circumstances, but not in response to Section 215 orders, that’s what the law is.  That conclusion seems, to us if not to Judge Pauley, crystal clear.
  • So the NSA’s telephone metadata spying program exceeds the agency’s authority under the Patriot Act, and violates ECPA in the process. But we’re still not done – it gets worse yet. For there are good reasons to believe the NSA’s phone records collection is not just illegal, but criminal.
  • Telephone and Internet metadata are protected by law under the aforementioned “pen register” statute.  That statute says that “no person may install or use a pen register or a trap and trace device without first obtaining a court order under section 3123 of this title or under the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.).” Pen registers and trap and trace devices collect dialing, routing, signaling or addressing information. Violation of the statute is a criminal misdemeanor.
  • ...2 more annotations...
  • We suspect that the phone companies have put in place a process adopted specifically to collect the information that the government demands via its section 215 orders and transmit that information to the government according to technological specifications that the government establishes.  We have seen just this sort of cooperative relationship in another of the NSA’s mass surveillance programs – PRISM – which collects the content of emails, text messages, IMs, and other Internet communications.
  • The government works with telephone and Internet companies to get access to the data it wants in a specific, interoperable format. And this is the problem: If the process for collecting data in response to section 215 orders is in any way different from the process for regular billing, without meeting the statutory requirements for installation of a pen register device, it is a crime.
Paul Merrell

PATRIOT Act spying programs on death watch - Seung Min Kim and Kate Tummarello - POLITICO - 0 views

www.politico.com/...ct-spying-programs-117976.html

surveillance state NSA 502-program legislation must-read

shared by Paul Merrell on 15 May 15 - No Cached
  • With only days left to act and Rand Paul threatening a filibuster, Senate Republicans remain deeply divided over the future of the PATRIOT Act and have no clear path to keep key government spying authorities from expiring at the end of the month. Crucial parts of the PATRIOT Act, including a provision authorizing the government’s controversial bulk collection of American phone records, first revealed by Edward Snowden, are due to lapse May 31. That means Congress has barely a week to figure out a fix before before lawmakers leave town for Memorial Day recess at the end of the next week. Story Continued Below The prospects of a deal look grim: Senate Majority Leader Mitch McConnell on Thursday night proposed just a two-month extension of expiring PATRIOT Act provisions to give the two sides more time to negotiate, but even that was immediately dismissed by critics of the program.
  • Paul Merrell on 15 May 15
     
    A must-read. The major danger is that the the Senate could pass the USA Freedom Act, which has already been passed by the House. Passage of that Act, despite its name, would be bad news for civil liberties.  Now is the time to let your Congress critters know that you want them to fight to the Patriot Act provisions expire on May 31, without any replacement legislation.  Keep in mind that Section 502 does not apply just to telephone metadata. It authorizes the FBI to gather without notice to their victims "any tangible thing", specifically including as examples "library circulation records, library patron lists, book sales records, book customer lists, firearms sales records, tax return records, educational records, or medical records containing information that would identify a person." The breadth of the section is illustrated by telephone metadata not even being mentioned in the section.  NSA going after your medical records souand far fetched? Former NSA technical director William Binney says they're already doing it: "Binney alludes to even more extreme intelligence practices that are not yet public knowledge, including the collection of Americans' medical data, the collection and use of client-attorney conversations, and law enforcement agencies' "direct access," without oversight, to NSA databases." https://consortiumnews.com/2015/03/05/seeing-the-stasi-through-nsa-eyes/ So please, contact your Congress critters right now and tell them to sunset the Patriot Act NOW. This will be decided in the next few days so the sooner you contact them the better. 
Paul Merrell

Senate Bill Requires Report on "All" NSA Bulk Collection | Federation Of American Scien... - 0 views

fas.org/...all-nsa-bulk-collection

surveillance-state NSA-reform legislation

shared by Paul Merrell on 19 Jul 14 - No Cached
  • The National Security Agency would be required to prepare an unclassified report on “all NSA bulk collection activities,” the Senate Appropriations Committee directed in its report on the Fiscal Year 2015 Department of Defense Appropriations bill, published yesterday. The Committee told the NSA to prepare a report “describing all NSA bulk collection activities, including when such activities began, the cost of such activities, what types of records have been collected in the past, what types of records are currently being collected, and any plans for future bulk collection.” Such a report would be expected to clarify whether NSA bulk collection extends beyond the acknowledged telephone metadata program in Section 215 of the USA Patriot Act. The required report is to be “unclassified to the greatest extent possible,” the Senate Committee said. In the reporting requirements that it imposed on NSA, the Senate Appropriations Committee notably went beyond what was required by the Senate or House Intelligence Committees. The Appropriations Committee also directed NSA to submit additional reports on the total number of records acquired and reviewed by NSA in its bulk telephone metadata program over the past five years, and an estimate of the number of records of U.S. persons that have been acquired and reviewed in the telephone metadata program. Another unclassified report is required to provide “a list of terrorist activities that were disrupted, in whole or in part, with the aid of information obtained through NSA’s telephone metadata program.”
  • Update: Identical reporting language was included by the Senate Appropriations Committee last year in its report on the FY2014 Defense Appropriations bill (h/t @byersalex), yet the required NSA reports were not produced. At Emptywheel, Marcy Wheeler questions the utility of the proposed reports, particularly since the Senate Committee language lacks a clear, unambiguous definition of “bulk collection.”
Paul Merrell

GCHQ taps fibre-optic cables for secret access to world's communications | UK news | gu... - 0 views

www.guardian.co.uk/...ecret-world-communications-nsa

surveillance state NSA GCHQ UK Snowden must-read

shared by Paul Merrell on 22 Jun 13 - No Cached
  • Britain's spy agency GCHQ has secretly gained access to the network of cables which carry the world's phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).The sheer scale of the agency's ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.One key innovation has been GCHQ's ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.
  • GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user's access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called "the largest programme of suspicionless surveillance in human history"."It's not just a US problem. The UK has a huge dog in this fight," Snowden told the Guardian. "They [GCHQ] are worse than the US."
  • However, on Friday a source with knowledge of intelligence argued that the data was collected legally under a system of safeguards, and had provided material that had led to significant breakthroughs in detecting and preventing serious crime.Britain's technical capacity to tap into the cables that carry the world's communications – referred to in the documents as special source exploitation – has made GCHQ an intelligence superpower.By 2010, two years after the project was first trialled, it was able to boast it had the "biggest internet access" of any member of the Five Eyes electronic eavesdropping alliance, comprising the US, UK, Canada, Australia and New Zealand.UK officials could also claim GCHQ "produces larger amounts of metadata than NSA". (Metadata describes basic information on who has been contacting whom, without detailing the content.)By May last year 300 analysts from GCHQ, and 250 from the NSA, had been assigned to sift through the flood of data.The Americans were given guidelines for its use, but were told in legal briefings by GCHQ lawyers: "We have a light oversight regime compared with the US".
  • ...8 more annotations...
  • When it came to judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was "your call".The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases.
  • For the 2 billion users of the world wide web, Tempora represents a window on to their everyday lives, sucking up every form of communication from the fibre-optic cables that ring the world.The NSA has meanwhile opened a second window, in the form of the Prism operation, revealed earlier this month by the Guardian, from which it secured access to the internal systems of global companies that service the internet.The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America.This was done under secret agreements with commercial companies, described in one document as "intercept partners".The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned "sensitive relationship teams" and staff were urged in one internal guidance paper to disguise the origin of "special source" material in their reports for fear that the role of the companies as intercept partners would cause "high-level political fallout".
  • "The criteria are security, terror, organised crime. And economic well-being. There's an auditing process to go back through the logs and see if it was justified or not. The vast majority of the data is discarded without being looked at … we simply don't have the resources."However, the legitimacy of the operation is in doubt. According to GCHQ's legal advice, it was given the go-ahead by applying old law to new technology. The 2000 Regulation of Investigatory Powers Act (Ripa) requires the tapping of defined targets to be authorised by a warrant signed by the home secretary or foreign secretary.However, an obscure clause allows the foreign secretary to sign a certificate for the interception of broad categories of material, as long as one end of the monitored communications is abroad. But the nature of modern fibre-optic communications means that a proportion of internal UK traffic is relayed abroad and then returns through the cables.
  • The categories of material have included fraud, drug trafficking and terrorism, but the criteria at any one time are secret and are not subject to any public debate. GCHQ's compliance with the certificates is audited by the agency itself, but the results of those audits are also secret.An indication of how broad the dragnet can be was laid bare in advice from GCHQ's lawyers, who said it would be impossible to list the total number of people targeted because "this would be an infinite list which we couldn't manage".There is an investigatory powers tribunal to look into complaints that the data gathered by GCHQ has been improperly used, but the agency reassured NSA analysts in the early days of the programme, in 2009: "So far they have always found in our favour".
  • Historically, the spy agencies have intercepted international communications by focusing on microwave towers and satellites. The NSA's intercept station at Menwith Hill in North Yorkshire played a leading role in this. One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a visit to Menwith Hill in June 2008, asking: "Why can't we collect all the signals all the time? Sounds like a good summer project for Menwith."By then, however, satellite interception accounted for only a small part of the network traffic. Most of it now travels on fibre-optic cables, and the UK's position on the western edge of Europe gave it natural access to cables emerging from the Atlantic.
  • The processing centres apply a series of sophisticated computer programmes in order to filter the material through what is known as MVR – massive volume reduction. The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%. Others pull out packets of information relating to "selectors" – search terms including subjects, phone numbers and email addresses of interest. Some 40,000 of these were chosen by GCHQ and 31,000 by the NSA. Most of the information extracted is "content", such as recordings of phone calls or the substance of email messages. The rest is metadata.
  • The GCHQ documents that the Guardian has seen illustrate a constant effort to build up storage capacity at the stations at Cheltenham, Bude and at one overseas location, as well a search for ways to maintain the agency's comparative advantage as the world's leading communications companies increasingly route their cables through Asia to cut costs. Meanwhile, technical work is ongoing to expand GCHQ's capacity to ingest data from new super cables carrying data at 100 gigabits a second. As one training slide told new users: "You are in an enviable position – have fun and make the most of it."
  • British spy agency collects and stores vast quantities of global email messages, Facebook posts, internet histories and calls, and shares them with NSA, latest documents from Edward Snowden reveal
  • Paul Merrell on 22 Jun 13
     
    Note particularly that the Brit criteria adds economic data to the list of categories categories the NSA trawls for and shares its data with the U.S. NSA. Both agencies claim to be targeting foreigners, so now we're into the "we surveil your citizens; you surveil our citizens, then we'll share the results" scenario that leaves both sides of the pond with a superficial excuse to say "we don't surveil our own citizens, just foreigners." But it's just ring-around-the-rosy. 850,000 NSA employees and U.S. private contractors with access to GCHQ surveillance databases.  Lots more in the article that I didn't highlight.
1 - 20 of 80 Next › Last »
Showing 20 items per page