702 surveillance legislation: Adding Wyden-Paul “USA Rights Act” to the mix. Bonus: a chart comparing differences with SSCI/Burr & Goodlatte/Conyers HJC bills

Today the Senate Select Committee on Intelligence is marking up, in secret, Chairman Burr’s bill to extend the FISA Amendments Act Section 702 warrantless surveillance program, the FISA Amendments Reauthorization Act. While the bill is not yet public, I published a copy here yesterday, alongside a revised draft of the Goodlatte-Conyers House Judiciary Committee bill, the USA Liberty Act. Now comes a third major stab at legislation to deal with the 702 program, which is set to expire at the end of 2017 if Congress enacts no extension bill, and proposed reforms: Senators Ron Wyden’s and Rand Paul’s USA Rights Act, linked here and also posted below.

The Rights Act will be formally introduced later today, and I suspect Wyden will also propose its text as a substitute amendment to the Burr bill at the SSCI hearing today, and then it will probably be rejected by a majority of the committee, as that is also what happened with the Patriot Act Section 215 expiration/reform fight. [See Power Wars, Chapter 11 (Institutionalized: Surveillance 2009-2017), Section 10 (Outside the Oval Office: Freedom Act I).]

Here is a run-down of some major differences:

Burr’s draft SSCI bill, the FISA Amendments Reauthorization Act of 2017 Goodlatte-Conyers’s HJC bill, the USA Liberty Act of 2017 Wyden-Paul’s bill, the USA Rights Act of 2017
Sunset: Extension of the  Section 702 warrantless surveillance law, which is now set to expire on Dec. 31, 2017, until Dec. 31, 2025 Sept. 30, 2023 Sept. 30, 2021
Backdoor searches” for Americans’ content within the 702 repository of e-mails etc. collected without a warrant No change: US person queries still permitted without a court order Queries without an order still permitted for intelligence purposes. Queries for criminal purposes would ping the database and say whether there is a hit, but a judicial warrant that there is probable cause for a serious crime would be necessary to view it. Judicial warrant required for any type of query (criminal or intelligence); absent a warrant database would not show whether there was a hit
Collection of “about the target” communications that are neither to nor from the target, which the NSA recently ceased Would permit the NSA, with the FISA Court’s permission, to turn “about” collection back on, with 30 days prior notice to Congress and expedited consideration of any bill to block the resumption Would codify a ban on “about” collection until the sunset of this cycle of 702 reauthorization Would ban “about” collection
Limits on law enforcement use of 702 information against Americans Would limit use of 702 information as courtroom evidence in criminal prosecutions to national-security cases and a list of serious crimes e.g. murder; but imposes no limit on use of 702 information for investigations or civil/administrative cases Would impose no law-enforcement usage limits on investigations or courtroom evidence Would limit law enforcement use across the board (investigations, courtroom evidence, administrative proceedings) to a list of national-security matters
Notice to defendants when they face evidence “derived from” 702 warrantless surveillance No change No change Would tighten definition of what triggers a notification requirement
Chief Justice Roberts’ unilateral power to select which judges serve on the FISA Court No change No change Would impose a check and balance by having the chief judges of each of the 13 circuit courts of appeal nominate  contenders to the chief justice for final selection

 



Wyden Paul USA Rights Act (Text)



Pre-markup SSCI Burr 702 bill draft (Text)



USA Liberty Act – revised version (Text)

Latest FISA Amendments Act 702 surveillance legislation: SSCI, HJC

Lots of legislative action on FISA Amendments Act Section 702 warrantless surveillance is happening with drafts that are not public even though they are not classifed. Here are some.

The Senate Select Committee on Intelligence on October 24, 2017, will mark up – behind closed doors – a bill being pushed by its chairman, Senator Richard Burr, Republican of North Carolina. Burr isn’t showing his draft to the public, and not clear what it will look like when the hearing is done, but here is a copy of the draft legislation, with annotations, heading into that hearing.

Senators Ron Wyden and Rand Paul are developing their own bill, which I imagine Wyden will offer as a substitute amendment on Tuesday but will probably be voted down. (That’s what happened with Patriot Act 215 reform legislation.)

In the House, the bipartisan bloc of House Judiciary Committee leaders (incl Goodlatte and Sensenbrenner, along with Conyers) have produced a revised draft version of their “USA Liberty Act,” which I posted with annotations last week.

Burr’s bill would extend 702 without significant reforms through 2025. The House bill would extend it to 2023 and would do things like codify a ban on “abouts” collection and require judicial warrants for FBI searches for Americans’ information within the repository for criminal but not foreign intelligence purposes. We’ll see whether the Wyden-Paul bill would go further on closing the so-called backdoor search loophole for intelligence searches too; Wyden has been a huge critic of warrantless queries for Americans’ info.

[Update 10/24/2017: Here is a draft of the Wyden-Paul bill, along with a chart comparing major differences among the three rival pieces of legislation.]

So there’s a lot of disagreement heading toward that Dec. 31, 2017, sunset date.







NSA Declassifies Pile of Documents from 2011 Upstream Surveillance Litigation

The National Security Agency has declassified a third (and final) tranche of previously unreleased documents from the docket of a then-secret 2011 Foreign Intelligence Surveillance Court case over upstream Internet surveillance conducted under the FISA Amendments Act/702 program.

Here are the first and second tranches. This third tranche is long a dense – nearly 350 pages – but it seems to largely cover the same ground as was summarized in the most important documents in the second tranche, so I don’t immediately see a stand-alone general reader news story here. I’ve posted the documents on the New York Times website and will put them below as well. There’s some TLDR annotations in the margins on Document Cloud.



Don’t cite the Prism v. Upstream collection numbers from Judge Bates’ 2011 FISC opinion anymore

Among surveillance legal policy specialists, it is common to cite a set of statistics from an October 2011 opinion by Judge John Bates, then of the FISA Court, about the volume of internet communications the National Security Agency was collecting under the FISA Amendments Act (“Section 702”) warrantless surveillance program. In his opinion, declassified in August 2013, Judge Bates wrote that the NSA was collecting more than 250 million internet communications a year, of which 91 percent came from its Prism system (which collects stored e-mails from providers like Gmail) and 9 percent came from its upstream system (which collects transmitted messages from network operators like AT&T).

These numbers are wrong. This blog post will address, first, the widespread nature of this misunderstanding; second, how I came to FOIA certain documents trying to figure out whether the numbers really added up; third, what those documents show; and fourth, what I further learned in talking to an intelligence official. This is far too dense and weedy for a New York Times article, but should hopefully be of some interest to specialists.

First: This misunderstanding is widespread, showing up in court filings, articles, and books. The Washington Post cited it in one of its 2013 articles about the documents Edward Snowden sent to Bart Gellman. The Privacy and Civil Liberties Oversight Board, on pages 33-34 of its big 2014 report on 702, repeated it. I cited this statistic in my 2015 book, Power Wars.  Laura Donahue refers to it on page 55 of her 2016 book, The Future of Foreign Intelligence. Tim Edgar cited it in an endnote on page 249 of his new bookBeyond Snowden, though he also cited a blog post I wrote last year raising doubts about it.

Second: I raised those doubts after reading a Medium post by Beatrice Hanssen that focused on Judges Bates’ opinion and the implications of “Multi-Communication Transactions” (where one intercepted upstream internet transaction might contain a bundle of many discrete communications). Hanssen raised the question of whether the existence of MCTs meant FISA Amendments Act upstream collection was bulkier than has been understood. I don’t agree with all of Hanssen’s analysis/claims about what an MCT is and what is happening.  But her her claim seemed plausible to me that his ruling was mistakenly conflating “communications” and “transactions,” such that it was impossible for upstream to account for just 9 percent of the total 702 internet “communications” collected. That prompted me to FOIA the NSA for the other documents from the docket that led to the Bates rulings. I recently got the second big tranche from that lawsuit, which make a passing appearance in an article the New York Times published tonight.

Third: The documents show that the NSA/DOJ did tell Bates the numbers he recycled or paraphrased, but they strongly suggest that the government was misleadingly using the terms “communications” and “transactions” as interchangeable when they are not. Specifically, Bates was told (see Sept. 9, 2011 filing):

  • The NSA took a mid-July 2011 snapshot of stuff added to its 702 repository during the first six months of 2011 and identified 140.97 million such Internet “communications.”
    • So multiplying that by two to get a year’s worth, that means NSA was collecting more like 281 million internet … somethings (see below) a year in that time period. Bates simplified this to “more than 250 million.”
    • (Complication: Actually there were more somethings collected, but about 18k had been purged in the first six months for compliance reasons like roamers/overcollection before the snapshot, with the further complication that not all 18k had been gathered in 2011.)
    • Of these 140.97 million somethings in six months, 127.72 million (about 91 percent) came from Prism and 13.25 million (about 9 percent) came from upstream. So that is where that ratio came from.
  • The NSA also conducted a manual review of a statistically representative sample of upstream 702 “communications” in its repository. This covered 50,440 “transactions.” Of those, 5,081 (about 10 percent) were multi-communication transactions or MCTs and 45,359 (about 90 percent) were discrete/single communications or SCTs.
    • Since about 10 percent of upstream transactions were MCTs, each of which represent multiple communications, the upstream contribution to the total must be significantly more than 13.25 million in six months (or 26.5 million in a year). (Note: Hanssen’s Medium post got into some of this, too, citing a footnote in Bates’ opinion.)
    • Therefore, the NSA must have been collecting more than the 250-280 million internet “communications” Bates’ opinion and the newly disclosed NSA/DOJ submission to Bates suggested, and upstream must make up a larger percentage of the total haul of 702 collection than 9 percent.
    • Since we don’t know what the average number of discrete communications within an MCT is, we don’t know what the right multiplier is. We just know those numbers for total communications, and for the ratio of upstream communications collection versus Prism communications collection, must be wrong.
      • UPDATE: For example, if the MCT multiplier is 10, then total annual 702 collection circa 2011 was about 305.79 million communications, of which upstream accounted for 50.35 million or 16.5% of that total. If the multiplier is 100, the total was 544.29 million, of which upstream contributed 288.85 million, representing 53.1 percent.
      • Note that because of the end of “about” collection, these numbers are obsolete anyway and only of historical interest.

Fourth: After receiving and thinking about these documents, I spoke to a U.S. intelligence official about them. The official confirmed that the numbers were misleading, explaining that in that time period the NSA was using the words “communications” and “transactions” interchangeably, but after the 2011 attention to the existence of the MCT phenomenon made clear that was imprecise, it stopped doing so. The official said the 91 percent Prism to 9 percent upstream ratio was correct as far as units of stuff collected, but since sometimes one unit of stuff was many discrete communications, it’s not clear how many “communications” are in the upstream pile. The official was unaware of any NSA study that determined what the average number of communications in upstream MCT is.

But the official said there was another complexity that cut the other way. Sometimes, in upstream surveillance, a single discrete communications is chopped up and transmitted separately, and therefore intercepted as multiple transactions. In that case, rather than one transaction representing multiple communications, one communication would represent multiple transactions. So it’s twice murky.

In sum, we don’t know what we thought we knew. But we do know now that nobody should cite those numbers anymore, or at least not without a long and complicated caveat.



 

Temporary solution to Power Wars index page problems

**UPDATE: Problem fixed, many thanks to John Musser of Digerati Designs.**

Several readers have brought to my attention that the web page containing the index to the hardcover edition of Power Wars will not load; it appears to have become corrupted.

Unfortunately it is so far proving to be beyond my WordPress skills to fix this problem. I can’t just create a new page and paste the index into it because the URL is printed at the back of the book and so the permalink needs to stay the same.

I apologize for the inconvenience. Fortunately, there is a workaround while I continue to seek a solution: please use the Google cache version of that web page, or you can download a PDF version.

But paperback edition readers may rejoice; a printed index is one of a number of improvements in that edition.

Judge orders Trump admin to speed up a search for legal documents, if any, about legal basis, if any, for April airstrike against Syria

Yesterday, Federal District Court Judge Christopher Cooper issued an unusual 14-page ruling in a Freedom of Information Act case brought by Protect Democracy and a preliminary injunction ordering the government to expedite its processing of the matter. The lawsuit is seeking documents laying out the Trump administration’s legal rationale for the United States’ April 6 airstrike against Assad regime forces in Syria as punishment for using chemical weapons. As a development, this is too incremental for a New York Times story, but it’s worth noting for executive power specialists — especially given some striking language the judge used.

A bit of background: One of the mysteries of the Trump administration’s first six months in power has been what the government was thinking, legally, when Trump ordered that airstrike. Congress had not authorized the U.S. government to use military force against the Syrian government as a matter of domestic law, and the United Nations Security Council had not done so as a matter of international law. Moreover, Syria had not attacked the United States and was not threatening to do so, so there was no self-defense claim. I wrote a New York Times article working through those war-powers legal puzzles on April 7, and on May 8 I wrote another NYT article about a newly filed a Freedom of Information Act lawsuit by Protect Democracy seeking documents. On June 20, I noted in another NYT article that the April 6 strike had been followed by several other violent encounters between the United States and Syrian government forces who were said to be threatening rebel militias that the United States is supporting — raising fears that the U.S. is sliding into war with Syria itself; the chairman of the Joint Chiefs of Staff, Gen. Joseph F. Dunford Jr., had claimed the authority for that subsequent combat stemmed from the 2001 authorization to use military force against the perpetrators of 9/11 because the American military presence in Syria was predicated on fighting Al Qaeda and the Islamic State there.

Against that backdrop, yesterday Judge Cooper wrote:

if production is unduly delayed, both Protect Democracy and the public at large will be “precluded . . . from obtaining in a timely fashion information vital to the current and ongoing debate surrounding the legality of” a high-profile government action, …—namely, military strikes against the Syrian government. Being closed off from such a debate is itself a harm in an open democracy. … But there is another potential harm, too: The possibility for the strikes to recur without legal justification. By then, any damage will have been done. … In short, because Protect Democracy has demonstrated a “compelling need” for the information it requested, the Court finds that the organization is likely to prevail on the merits of its expedited processing claim. (internal cites omitted)

Here is the ruling:



Protect Democracy FOIA Syria war powers expedited processing (Text)

What Has Changed in the New, “Definitive” Power Wars

[Cross-posted to Lawfare]

Today, Hachette is publishing the paperback edition of my history of Obama-era national-security legal policymaking, Power Wars, which is also replacing the text future e-book buyers will receive. I have systematically updated and revised the book since its hardcover publication in November 2015.

A few months ago, over coffee in Cambridge, Jack Goldsmith generously proposed that when this edition came out I should write something for Lawfare explaining what is different about it. So below I will briefly explain its navigational, cosmetic, and substantive improvements, including its new Trump-focused preface .

The TLDR takeaway is that this is a much-refined director’s cut, and going forward it should stand as the definitive edition of Power Wars.

NAVIGATIONAL

Some scholars, journalists, and national-security lawyers have been using Power Wars as a reference. Two structural enhancements to the paperback should make it more useful for this purpose. First, its table of contents now incorporates the 20 or so subchapter headings from each chapter, making it easier to jump around in. Second, the paperback includes a printed index. The hardcover has an index, too, but it only exists online, which is cumbersome – and some people do not realize it is there.

COSMETIC

Hachette has added a picture of the White House to the cover, and where the hardcover is subtitled “Inside Obama’s Post-9/11 Presidency,” the paperback has a less time-pegged subtitle: “The Relentless Rise of Presidential Authority and Secrecy.” Between the covers, I massaged and smoothed out the writing in numerous small ways after re-reading it from a distance and discovering flaws, like referring to people only by their last names even though they had not been mentioned for many pages.

SUBSTANTIVE

The main text is also salted with improvements based on more or better information that became available after the hardcover went to print. (In order to preserve the existing index, these additions required tightening the text on the same pages.) Among the categories of such revisions:

  • Stories have endings: The hardcover leaves off with events as they stood in the summer of 2015. For example, Guantanamo has 116 detainees and it’s not yet clear whether Obama will succeed or fail in closing the prison; at Fort Leavenworth, Chelsea Manning is staring down 30 more years of hard time; and the F.B.I. is refusing to make public its contemporaneous “302” reports showing what the underwear bomber told interrogators about Anwar al-Awlaki in January 2010. The paperback, revised in the spring of 2017, completes such narratives with events through the final 18 months of Obama’s presidency and a bit beyond.
  • Accounts are more complete: After the hardcover text closed, the government declassified more information about some of the episodes it recounts, and participants in the behind-the-scenes meetings and conversations it describes read the book and told me additional details. For example, in response to one of my Freedom of Information Act lawsuits, the government disclosed a third legal problem the Justice Department had identified in the spring of 2004 about the Stellarwind surveillance and bulk data collection program, meaning the hardcover’s account of the “hospital room” crisis, which describes only two – one the public already knew about, and one that Power Wars first reported – is missing something important. The paperback is enriched with such subsequently available information.
  • Errors are corrected, nuances adjusted: Inevitably, there were places where I came to believe that I had missed the mark in the hardcover, so the paperback fixes those problems. For example, when the four lawyers working on the hypersecret planning for the Osama bin Laden raid cleared the way for Obama to order it as an explicit kill mission, subject to a requirement that the SEAL Team Six operators accept any surrender offer if feasible, it was not those lawyers who construed feasibility so narrowly that the administration did not bother to come up with a real disposition plan in case bin Laden survived and was taken prisoner. Rather, that narrow construction came from existing military rules of engagement for Special Operations Forces raids on potentially booby-trapped terrorist compounds.

THE NEW PREFACE

There is a now-glaring omission in the hardcover edition: while most of the serious G.O.P. contenders for the 2016 nomination make cameo appearances, Donald Trump’s name does not appear in it. That is because in 2014 and early 2015, when I wrote the book, Trump looked like a novelty candidate and it was beyond my imagination that he would succeed Obama as commander-in-chief. The paperback edition opens with a new 3,000-word preface that frames the book’s account of Obama-era national-security policymaking in terms of what came next. It recounts what Trump said and did about national-security legal policy issues both during the campaign and the chaotic first months of his administration, while analyzing differing views about how to assess the Obama administration’s record in hindsight, drawing on post-election interviews I conducted with Obama legal team veterans like Greg Craig, Avril Haines, and Marty Lederman, and critics like Anthony Romero of the A.C.L.U.. Here is a taste:

…It is the story of how and why Obama, a liberal constitutional law teacher who was widely expected to roll back George W. Bush’s war on terror, ended up instead merely adjusting it — and in the process curated an immense arsenal of presidential powers and legal precedents that he then found himself handing off to Trump. And it is the story of Obama’s team — a group of national security legal policy specialists who believed that they were looking around corners to take into account future risks and put into place safeguards against them but did not anticipate that Trump and his team would inherit their handiwork. …

With no prior government experience, Trump surrounded himself with advisers who appeared ready to open the throttle on hard-power approaches to fighting terrorism, including accepting greater risk of civil-liberties violations at home and civilian casualties abroad. As a result, Trump’s rise created a new and unexpected vantage point from which to understand the legacy of Obama’s post-9/11 presidency. … The results of the 2016 election significantly raised the stakes of what happened on Obama’s watch — and the need to understand it.

In sum, there are enough improvements that if you make ongoing use of Power Wars, you may wish to acquire a paperback version. Certainly, if you already own it in e-book format, there is every reason to delete it from your device and then re-download the latest version. If you are a professor considering assigning excerpts to your students – thank you! – you may wish to ask them to get the paperback specifically.

FOIA: Some newly declass’d FISA Court stuff from the 2011 Bates MCT/702 case

Here are some newly declassified documents from a FISA lawsuit that add to the historical record of the MCT issue that arose in 2011. They provide a little bit more information about the sequencing of the case before the Foreign Intelligence Surveillance Court and the questions that Judge John Bates was asking. I don’t immediately see a stand-alone New York Times news story in them so I’m just posting them here in case they are of interest to specialists.

Context: In August 2013, early in the wave of declassifications of FISA Court rulings following the Snowden disclosures, the government made public two rulings from October and November 2011 by Judge John Bates. They were about the FISA Amendments Act Section 702 program’s upstream system and the problem of multi-communication transactions, or MCTs, that resulted in purely domestic messages being collected without a warrant. That’s of course been in the news again lately because it turned out the fix Bates agreed to, to make this reasonable under the Fourth Amendment, was never properly implemented by the N.S.A, and this spring the agency decided to end “about the target” collection, which will significantly cut down on the number of MCTs it will ingest.

One of the important things in the declassified 2011 Bates opinions that has been oft cited in surveillance legal policy writings ever since is that the N.S.A. had told him it collected “more than 250 million Internet communications” a year via the FISA Amendments Act, of which about 91 percent came from the Prism system (from Silicon Valley firms like Google) and about 9 percent came from the upstream system (from telecoms like AT&T). Last year, I came to suspect that something about this number may be wrong – that it is possible Bates may have misunderstood something – and decided to FOIA for the other materials in the docket, which the government had not released when it put out his opinions.

With help from David McCraw, the NYT FOIA lawyer, we filed suit, combining this request with several other outstanding ones for national-security related documents in the possesion of the Justice Department. Here is the first tranche of files related to the 2011 FISC/MCT case stemming from that lawsuit. It’s not the good stuff yet, but rather some low-hanging fruit. So stay tuned for future tranches, which will be more difficult for them to agree on how and what to declassify.

ODNI transparency report nerding: 151 million “call detail records”

Several people have blogged things trying to make sense of the disclosure this week that the USA Freedom Act system (which replaced the Patriot Act Section 215 bulk calling records program) collected 151 million call detail records in 2016, even though the intelligence court had approved two-hop collection surrounding only 42 suspects. To be sure, this number, 151 million, is small compared to the billions of records per day the old system was sucking in, but it is nevertheless surprisingly large on its face. I wanted to make two in-the-weeds points – one about the math in general, and one a response to Marcy Wheeler at Emptywheel.

I was told there would be no math

As people try to crunch the numbers of how to get to 151 million, a crucial thing to grasp is that a Freedom Act order is not merely a two-hop pen register, in which the N.S.A. gets prospective logs of all the new messages of its target and everyone in contact with him. Rather, it’s also a request for historical billing records still in the providers’ possession. So that’s potentially years of logs of phone calls (and probably SMS text messages) for each person in the suspect’s social circle, even though the government only collected those records during the calendar year of 2016. This factor will dramatically expand not just the number of calls a suspect would have, but also the number of social-link people who will contribute their own universe of second-hop records.

Another important insight is what it means that the government warns about duplication within the 151 million database: a lot of those 151 million records are redundant. For example, if the suspect, Joe the AT&T Customer, called his friend, Mary the Verizon Customer, the government would receive two records stemming from that single call – one from AT&T and one from Verizon. This problem extends to second-hop records: if Joe also called his other friend Fred the Sprint Customer, and Fred and Mary are also friends and separately called each other, the government would receive redundant records of Fred’s and Mary’s call from both Verizon and Sprint.

Another wildcard is that we don’t know is how much garbage is in the system from contacts with businesses and other entities that make a lot of phone calls to unrelated people, creating a potentially larger second-hop universe than an ordinary contact would – like if Joe called an auto body shop or a restaurant etc. which separately called or received calls from thousands of other customers over the years. Presumably the N.S.A. system is set up to invalidate the most commonly called numbers before requesting the second-hop records, lest they generate so much random noise that it would drown out the signal they are hunting for. But there must be some mid-sized entities that haven’t been added to the block list or that investigators wanted to keep for some particular reason – like, say the trunk line for the business where a suspect works. So this factor, too, could help get us to 151 million.

Response to Emptywheel

At Emptywheel, Marcy Wheeler has written an analysis of the 151 million number that has some elements I think are valuable contributions but also some that I am more skeptical about. Her introduction frames it as correcting misconceptions purportedly created in part by my New York Times article about the ODNI report. I reached out to her by email, but she wanted to have the conversation in public.

About half of her piece is devoted to showing how the math to generate 151 million call events within a year is implausible. Eventually, after hundreds of words, she reveals that this premise was a red herring because it is actually about historical records, not just prospective ones. Well, yes. My article said this was about “calling histories” involving “years” of phone records, so it created no such misconception, I hope.

Marcy also states that this is about more than just calls – it’s also about texts. I had only discussed “calls” in my article, but I think it’s likely right that SMS texts are also part of the mix since phone companies keep track of those for billing purposes and they serve the same purpose of identifying social links between people. Texts might also help get us to 151 million: a single conversation consisting of 10 SMS texts could be logged as 10 separate records, or 20 if duplicated between two carriers.

But Marcy then puts forward the idea that the 151 million message records in the ODNI report likely go beyond phone company records of calls and SMS texts and include other stuff, too, like websites visited on a cell phone’s browser and message logs from apps like WhatsApp and iMessage (both “certainly,” in her view) and Signal (“possibly” in her view). Indeed she says the latter is “necessarily true” for two reasons: because members of Congress have expressed concerns about electronic communications service providers that don’t keep records past 18 months, and because a lawmaker has said a large list of companies receive orders under the Freedom Act system.

Sometimes when Marcy speculates about things, she labels it a “wild-arsed guess,” but there is no such caveat here and she seems to be putting it forward as something her readers should treat as a fact. I am skeptical that this claim should be treated as a fact. Everything I have heard is that the Freedom Act system as it now exists, at least, is just about traditional telecom-based telephony (i.e. calls and SMS texts), echoing the predecessor Patriot Act program. I am aware of no evidence supporting the idea that the Freedom Act system has expanded to web browsing or app-based services from internet companies.

Importantly, the ODNI transparency report talks about the 151 million records coming from “telecommunications providers,” not electronic communications service providers generically speaking. Telecoms are a type of electronic communications service provider (defined here and here) that is generally understood to be phone and network companies, like AT&T, that transmit users’ signals and are regulated by the Federal Communications Commission under the Telecommunications Act of 1934. Messaging services that use the Internet but do not operate it, like WhatsApp, are a different type of electronic communications service provider and are generally not called telecoms.

I also do not see how the two pieces of purported evidence Marcy points to prove that metadata from WhatsApp-style services are nevertheless part of the 151 million records.

It is true that some members of Congress are interested in firms that do not keep their records longer than 18 months, but the context of that interest was rooted in traditional telephony: the F.C.C.’s regulation requiring phone companies to hold onto billing records for at least that time is understood to apply only to landline services, not cell phone services. Part of the debate about the Freedom Act was whether to impose a new data retention requirement on cell phone services to make sure relevant records would be there if the N.S.A. wasn’t storing its own copy.

It is also true that a lawmaker has said a sizable number of companies are receiving Freedom Act orders, but that also can be consistent with a telecom-only universe. As far as we know, only the three biggest telecoms were part of the old Patriot Act system – AT&T, Sprint, and Verizon – because the N.S.A. did not trust smaller telecoms to keep its existence a secret. Since the new system is not a secret, the government can obtain orders for all telecoms if it wants, and there are a ton – here’s a list – more than enough to make the number of those receiving Freedom Act system orders large and significant.

Does that mean the government could not ask the Foreign Intelligence Surveillance Court to interpret the words of the statute as justifying Freedom Act orders to internet messaging services? I would not rule it out as impossible. But I am aware of no evidence it has happened yet, and I don’t think it’s necessary to get to 151 million records collected in 2016.

 

Here’s a previously top secret 2005 Bush Justice Department memo on Stellarwind surveillance and prosecutors’ discovery obligations

In response to one of the Freedom of Information Act lawsuits I am fighting with The New York Times’ lawyer David McCraw and our annual First Amendment Fellow, Ian MacDougal, the government has turned over a May 2005 memorandum by Patrick Rowan, who was then a top national-security prosecutor in the Justice Department’s Criminal Division. This memo is about the government’s discovery obligations arising from the Stellarwind warrantless surveillance and bulk metadata program. One of the inspector general reports about Stellarwind that we liberated through previous FOIA litigation had a section about the drafting and contents of this memo, so I FOIA’d for it. (I’ve put that section of the IG report into the same Document Cloud file posted below.)

Rowan’s memo is fairly heavily redacted. (I’m sure we’ll challenge some of the redaction markings at a later stage of the lawsuit.) It’s a little hard to tell what’s going on as a result, but it looks like the thrust was about a scenario in which the Justice Department is prosecuting a terrorism case and the National Security Agency has, via Stellarwind, an intercepted conversation that might help his defense. Does the government have to turn it over? Of course most prosecutors didn’t even know Stellarwind existed at that point, so the matter turned in part on whether and when they had an obligation to ask the intelligence community to search its files generally just in case, etc. It looks like Rowan’s memo did not so much reach definitive conclusions as identify issues that would have to be addressed if DOJ came up with some kind of process for dealing with terrorism cases that might have secret surveillance evidence arguably subject to so-called “Brady” disclosure — the constitutional requirement that prosecutors turn over information in the government’s possession that could be helpful to the defense. Since this was described in the inspector general report already, I’m not sure there is a news story here. But I’ll put it out there for fellow surveillance nerds.

Notably, it does not look like Rowan, at least in these unredacted sections, was addressing the issue that arose in 2013 within the Justice Department regarding its Brady obligations and the FISA Amendments Act program that descended from Stellarwind. The 2013 fight was instead about whether DOJ had to notify defendants that they were facing evidence derived from FISA Amendments Act warrantless surveillance, meaning they had standing to challenge the legality of the underlying surveillance through a motion to suppress that evidence.

As an aside: Neither the IG report nor the memo have, in their unredacted sections, an explanation about why Rowan would be looking into the topic in the spring of 2005, but my guess is that the question occurred to them because of the accidental provisioning to lawyers representing al-Haramain, a defunct Oregon-based charity accused of funneling money to terrorists in Chechnya, a document containing copies of conversations between a leader of the charity and his attorneys apparently picked up (it was later alleged) via Stellarwind. Later in 2004 the FBI had demanded those records back, and in February 2005 Pete Seda, an officer in the charity, was indicted.

Of course, in December 2005, my future colleagues at the Times, Jim Risen and Eric Lichtblau, published their famous article disclosing the warrantless wiretapping component of Stellarwind and the Bush administration acknowledged it. In the al-Haramain matter, Seda had later tried on appeal to say evidence obtained via a search warrant should be suppressed because the investigation derived from Stellarwind, but the Ninth Circuit didn’t buy it. Separately,back in March 2006, al-Haramain’s lawyers filed a lawsuit challenging the program and citing that record they had been shown in 2004 as giving them standing, but the judiciary wouldn’t let them use it. They later filed a different case over that surveillance and won at the district court level, but lost on appeal.

[I revised this post a bit after first posting it, adding the reference to Pete Seda, and reordering it to make it flow a little more coherently.]

 



Savage-NYT FOIA Rowan Stellarwind Discovery Obligations Memo (Text)