Pages

9 March 2015

EFF Lawsuit Yields More Documents Detailing NSA’s Post-9/11 “Collect It All” SIGINT Collection Strategy

Tim Cushing
March 6, 2015

from the terrorism-still-trumps-4th-amendment-protections dept

Thanks to its ongoing FOIA lawsuit against the NSA, the EFF has managed to secure another set of documents detailing the legal rationalizations behind the intelligence agency’s “collect it all” approach, as well as the FISA’s courts approval of expanded surveillance powers in the wake of the 9/11 attacks.

The documents were supposed to be released in January, but the NSA ignored a direct court order and unceremoniously dumped them in the EFF’s lap late in the evening of March 2nd.

The so-called “raw take” document dates back to July 2002 and shows the FISA court granting the NSA, FBI and CIA to continue increased surveillance powers and expanded information sharing.

This matter is before the Court on the motion of the United States, filed by James A. Baker, Counsel for Intelligence Policy and approved by the Attorney General of the United States, to modify the minimization procedures already approved and in use in the above captioned cases since January 1, 2001: to authorize the Federal Bureau of Investigation (FBI) to disseminate to the Central Intelligence Agency (CIA) and to the National Security Agency (NSA) “raw data” (unminimized information) only where the raw data relates to international terrorism; to include communications of or concerning United States persons collected by the FBI in electronic surveillances and physical searches authorized by this Court under the Foreign Intelligence Surveillance Act and to allow the CIA and NSA to review, translate, analyze, minimize, use, retain and disseminate such information pursuant to supplementary minimization procedures approved by the Attorney General and filed with the Government’s motion.

The documents cite several supporting documents and exhibits filed by the government. Unfortunately, none of those “attached” documents are actually attached, meaning it will take more legal wrangling to gain any more insight into the government’s justification of expanded powers.

The other document is a

that the EFF refers to as the “Rosetta Stone” of FISA-authorized surveillance.

This opinion… purportedly represents the FISC’s full assessment of the range of legal issues presented by NSA surveillance under Section 702 of the FAA—a provision of law authorizing the government to conduct warrantless surveillance within the United States of overseas targets. Importantly, the opinion likely discusses the constitutionality of the NSA’s upstream surveillance operations—currently, the only federal court decision on this topic. Despite this opinion’s centrality to understanding FAA surveillance, it has remained secret for nearly 7 years.

The FISA court approved everything the government asked for and states its reasons for doing. Unfortunately, you’ll (again) just have to take the FISA court’s word that the government’s arguments and supporting documents were satisfactory. Nearly everything involved in the crafting of this opinion was filed ex parte and reviewed in camera

Supposedly, targeting of a person will “cease immediately” once they’re determined to either be a US person or have entered the United States. Collections past this point are supposed to be purged. But there are exceptions.

If, in Order to protect against an immediate threat to national security, the NSA determines that it must take action, on a temporary basis, in apparent departure from these procedures and that it is not feasible to obtain a timely modification of these procedures from the Attorney General and [the DNI] NSA may take such action and will report that activity to [the Department of Justice and the Office of the DNI]. Under such circumstances, the Government will continue to adhere to all of the statutory limitations set forth in subsection 702(b) of [FISA].

The NSA then admits that it’s not really in the business of thwarting immediate threats.

The government expects that this departure provision will be invoked only under “very extreme circumstances,” and in fact is not likely to be used at all.

The court notes that nothing in the applicable statutes actually requires the NSA to prevent the targeting of US persons. All it demands is that the NSA not do it “intentionally.” Hence, all sorts of incidental collection

. Sure, there are minimization procedures in place, but there’s also a lot of information sharing between agencies (FBI, CIA) that utilizes “raw” data and communications.

In this case, there are three sets of minimization procedures that have been adopted by the Attorney General: a set of procedures for each of the two agencies that will conduct acquisitions, the NSA and the FBI, and a third set of procedures for the CIA, which may receive from those agencies the raw data from acquisitions. Each of these sets of procedures closely resembles minimization procedures that have been found by judges of this Court to meet the definition of minimization procedures under section 1801(h) in the context of cases that have a significantly greater likelihood of acquiring communications to, from, or about United States persons.

It’s the minimization procedures that introduce the most loopholes. The CIA’s loopholes are the most expansive.

Any communication … acquired through the targeting of a person who at the time of targeting was reasonably believed to be a non-United States person located outside the United States but is in fact located inside the United States at the time such communication is acquired or was in fact a United States person at the time of the targeting shall be destroyed unless the Director of the [CIA] determines in writing that such communication is reasonably believed to contain: significant foreign intelligence information; evidence of a crime that has been, is being, or is about to be committed; orinformation retained for cryptanalytic, traffic analytic, or signal exploitation purposes.

As for the NSA, its minimization exceptions leave the door propped open for the retention of US persons’ communications and data.

[T]he Director of NSA may also authorize retention upon a finding that “the communication contains information pertaining to a threat of serious harm to life or property” or “information necessary to understand or assess a communications security vulnerability.”

The order also notes that additional expansions of surveillance power occurred on May 2007, under the heading of “raw take.”

[T]he procedures adopted by this Court in In re Electronic Surveillance and Physical Search of International Terrorist Groups. Their Agents, and Related Targets, Order, No. [REDACTED] (May 2002), as extended and modified by orders of this Court, most recently on December 6, 2007…

Interestingly, just as FISA Judge Mary McLaughlin was finding a bunch of government

ex parte

submissions wholly credible and the agency’s Section 702 program no threat to the Fourth Amendment, the government was fighting with FISA Judge Walton for the survival of a less intrusive program (the bulk phone records collection)…

McLaughlin found the minimization and targeting practices the agency instituted to be a sufficient deterrent to abuse. Meanwhile, Reggie Walton was finding plenty of abuse and obfuscation in his dealings with the NSA. By early 2009, he was threatening to shut down the program for “frequent and systemic violations” of minimization procedures. One FISA judge took the government’s claim that internal procedures would prevent abuse at face value — for a program that gathered content and communications. Almost simultaneously, Judge Walton was discovering the NSA’s internal procedures weren’t preventing anything.

This is as close to a “whole picture” as we have on the government’s arguments for its internet backbone communications collection, at least at this point. And most of the arguments are missing. What we have is a judge stating that she believes the government when it says words like “oversight,” “minimization” and “reasonable belief.” Not exactly heartening, considering its past abuse of similar minimization procedures with its bulk records program

No comments:

Post a Comment