The Office of the Director of National Intelligence (James “Least Untruthful” Clapper, presiding) has released its first ever transparency report. So, what have our intelligence agencies been up to for the last calendar year? Well, a little of this and whole lot of that, all of it broken down into numbers that don’t really provide that much transparency.
The figure that first stands out is related to the Section 702 program. As defined in intelspeak, the 702 program:
facilitates the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States, creating a new, more streamlined procedure to collect the communications of foreign terrorists.In plain English, the Section 702 program does this:
The collection done under Section 702 captures content of communications. This could include content in emails, instant messages, Facebook messages, web browsing history, and more.Like other bulk surveillance programs, Section 702 supposedly targets non-US persons but frequently “incidentally” collects content from US persons and other non-targets. This data on Americans is then searchable via backdoor searches. Much of this information is collected directly off the “Internet backbone” as communications flow through NSA collection points. The authority it operates under is incredibly vague and almost completely without adequate oversight. This last sentence explains the following numbers.
In contrast with sections 703, 704 and pen register requests — where the number of targets roughly corresponds with the number of orders — the 702 program operates under one order… which nets over 89,000 targets. The report only says how many “targets” are “affected.”
It does not say how many other people’s communications are “incidentally” collected along the away and made open to those backdoor searches. And, rest assured, that number is likely much larger than 89,000 — especially since we already know that any communication “about” any target gets swept up, but that won’t count towards that number. And, as discussed below, the definition of “target” can often mean something entirely different than what you think it means. This broad collection, one that harvests content rather than (supposedly harmless) metadata, is one of the NSA’s favorite tools and explains its willingness to discuss alterations to the Section 215 bulk metadata program, but not to change the 702 program at all. (Not that anything much actually happened to the 215 program, even after all of the discussion.)
What’s more interesting, though, is the long discussion about the incredibly high number of National Security Letters issued in 2013.
The FBI (along with other agencies) is issuing NSLs at the rate of 53 per day. The ODNI’s long explanation attempts to portray this huge number as most certainly not evidence of NSL abuse.
In addition to those figures, today we are reporting (1) the total number of NSLs issued for all persons, and (2) the total number of requests for information contained within those NSLs. For example, one NSL seeking subscriber information from one provider may identify three e-mail addresses, all of which are relevant to the same pending investigation and each is considered a “request.”So, the FBI (and unnamed other agencies) must issue a new NSL (the “must” is up for discussion) for each account it wishes to collect from, whether it’s an email address or some other online account. And if multiple names are used for one target, then new NSLs must be issued to claim thatinformation. And so on, until the government is issuing nearly 20,000 per year.
The ODNI attempts to explain how difficult it is to narrow down how many people are being targeted by NSLs.
We are reporting the annual number of requests rather than “targets” for multiple reasons. First, the FBI’s systems are configured to comply with Congressional reporting requirements, which do not require the FBI to track the number of individuals or organizations that are the subject of an NSL.
Even if the FBI systems were configured differently, it would still be difficult to identify the number of specific individuals or organizations that are the subjects of NSLs. One reason for this is that the subscriber information returned to the FBI in response to an NSL may identify, for example, one subscriber for three accounts or it may identify different subscribers for each account…
We also note that the actual number of individuals or organizations that are the subject of an NSL is different than the number of NSL requests. The FBI often issues NSLs under different legal authorities, e.g., 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709, for the same individual or organization.The DOJ’s transparency report (linked to by the ODNI) breaks that number down just fine. (For whatever reason, the ODNI Tumblr post links to a report for 2012. The PDF of the ODNI’s report contains a link to the 2013 version. Both are embedded below.)
From the 2013 letter:
In 2013, the FBI made 14,219 NSL requests (excluding requests for subscriber information only) for information concerning United States persons. These sought information pertaining to 5,334 different United States persons.From the 2012 letter:
In 2012 the FBI made 15,229 NSL requests (excluding requests for subscriber information only) for information concerning United States persons. These sought information pertaining to 6,223 different United States persons.It appears the FBI has the power to narrow down the number of persons targeted by its NSLs, although something must have happened in 2013 that made it append the following footnote to its FY2013 letter.
In the course of compiling its National Security Letter statistics, the FBI may over-report the number of United States persons about whom it obtained information using National Security Letters. For example, NSLs that are issued concerning the same US. person and that include different spellings of the US. person’s name would be counted as separate U.S. persons, and NSLs issued under two different types of NSL authorities concerning the same US. person would be counted as two US. persons. This statement also applies to previously reported annual US. person numbers.The DOJ’s transparency letters again point out that the FISA court is basically approving everything set in front of it. Only one order has been withdrawn in the last two years and only 74 of 3,511 orders presented for “electronic surveillance” and/or “physical searches” were modified. The Section 215 collection requests were sent back for modification more often (roughly 2/3rds of the time) but ultimately, not a single one of those requests were denied. https://www.techdirt.com/articles/20140627/10000227702/transparency-report-office-director-national-intelligence-shows-government-issuing-50-nsls-per-day.shtml
NSA targeted just 248 Americans despite harvesting info. on millions:
The National Security Agency was interested in the phone data of fewer than 250 people believed to be in the United States in 2013, despite collecting the phone records of nearly every American.
As acknowledged in the NSA’s first-ever disclosure of statistics about how it uses its broad surveillance authorities, released Friday, the NSA performed queries of its massive phone records troves for 248 “known or presumed US persons” in 2013.
During that year, it submitted 178 applications for the data to the Fisa court during that period, which, as first revealed by the Guardian thanks to leaks from Edward Snowden, permitted the ongoing, daily collection of practically all US phone records.
The number of “selectors” NSA queried from that data trove, a term referring to an account and not necessarily an individual user, was 423 in 2013, an increase from the “less than 300 times” it searched through the data trove in 2012, according to former deputy NSA director John Inglis.
“This transparency report is significant because it shows for the first time on an annual basis both targets of business-record orders and the number of US persons specifically targeted with these metadata queries,” said Alan Butler, a lawyer with the Electronic Privacy Information Center.
“These are critical numbers to review when talking about a program that sweeps in the records of hundreds of millions of Americans.”
The pressure that resulted from revelations of that bulk collection has prompted the NSA and the Obama administration to divest itself of collecting US phone data in bulk, opting instead under pending legislation to take chains of connected “call data records” from the phone companies based on judicial orders. Since thousands of such records can be obtained based on a single order, civil libertarians in and outside Congress doubt that the shift ends “bulk collection” as commonly understood; the NSA disagree.
That pressure also prompted the Office of the Director of National Intelligence to release the long-awaited statistics, as a transparency measure.
While the surveillance statistics report provides only limited detail, it reveals that under a single order in 2013 pursuant to a 2008 law permitting NSA to obtain Americans’ international calls without individually specified warrants, some 89,138 “targets” had their data collected.
But those “targets” are not necessarily 89,138 people.
For the purposes of the relevant surveillance power, known as Section 702 of the Fisa Amendments Act of 2008, a target could be “an individual person, a group or an organization composed of multiple individuals or a foreign power,” the report explained. Such targets are counted once in the report although the NSA might be able to siphon data from “multiple communications facilities” used by the target.
Nor did the NSA disclose how many times in 2013 it has warrantlessly searched those collected communications for Americans’ data, something intelligence officials have pledged to disclose to Senator Ron Wyden, Democrat of Oregon.
The controversial queries, dubbed colloquially the “backdoor search” by Wyden, received a drubbing last week from a House amendment to defund it, and next week, a government privacy board plans to release the results of its investigation into the practice.
Similarly, a new accounting of a kind of nonjudicial subpoena for records used by the Federal Bureau of Investigation, known as a National Security Letter, declined to specify the number of Americans whose data was impacted. Instead, the report revealed that the FBI issued 19,212 national security letters in 2013, entailing 38,832 “requests for information.”
The report said greater granularity would not be technically possible to provide.
“The FBI’s systems are configured to comply with Congressional reporting requirements, which do not require the FBI to track the number of individuals or organizations that are the subject of an NSL,” it said, further explaining that the “subscriber accounts” it receives in response from companies do not necessarily correspond to single individuals.
District attorney employs 381 secret warrants to gather complete digital dossiers from Facebook:
NY – Unfortunately, it appears that the lure of bulk surveillance is not just a temptation for the federal government. Last summer, about a month after new leaks exposed the NSA’s bulk content PRISM program, Cyrus Vance, Jr., the District Attorney for Manhattan, decided to go secretly fishing through 381 Facebook accounts, and wanted to ensure no one was allowed to stop him.
The DA was looking for evidence of disability fraud, and saw Facebook as a treasure trove. Many people put their lives online, sharing their daily ups and downs with a steady stream of photos, comments, and wall posts to friends and family. Perhaps some of them, after claiming a disability, would post a windsurfing selfie or write about their marathon training, and evidence their fraud.
So the DA put together nearly 400 search warrants, which ordered Facebook to provide near total access to the accounts, and gagged the social media giant from informing the users. Facebook reports that this “unprecedented request is by far the largest we’ve ever received—by a magnitude of more than ten.” According to Facebook’s appeals brief, the targets included a cross-section of America “from high schoolers to grandparents, … electricians, school teachers, and members of our armed services.”
Facebook’s brief explains that the warrants sought “information that cannot possibly be relevant to the crimes the Government presumably continues to investigate,” including what “Group” people belong to (and who else is in that group), chat messages, private messages, friends list (including removed friends) and even past and future events. And indeed, for the vast majority of the target, the information was not relevant to any crime. Only 62 people were ultimately charged.
Nevertheless, the DA disputed Facebook’s right to challenge the warrant in court, and the New York state trial court agreed, holding that “it is the Facebook subscribers who could assert an expectation of privacy in their posting, not the digital storage facility, or Facebook.” The court reasoned that this wouldn’t be a problem, because a criminal defendant could move to suppress the evidence before trial.
But what about the users who are never charged? The court never grapples with that issue, perhaps not realizing that ultimately 80% would not be the fraudsters the DA was looking for. Instead, the opinion moves on to justify the non-disclosure provisions by raising the spectre of evidence tampering by the users.
Under this pair of holdings, no one is allowed to challenge the authority of the DA in court. Facebook is not allowed and the users don’t know. (Ironically, in an earlier case involving Twitter, the court had found that the user had no rights to challenge the NY DA’s data demand on Twitter).
To paraphrase yesterday’s landmark Supreme Court ruling, the Founders did not fight a revolution to gain Fourth Amendment rights that no one can assert.
Facebook has appealed this dangerous precedent, seeking to “invalidate these sweeping warrants and to force the government to return the data it has seized and retained.” And, nearly a year after the warrants issued, the case has been unsealed. But, despite a temporary stay, Facebook was eventually forced to comply, and the DA continues to hold a digital dossier of the lives of over 300 people never charged with a crime.
Law enforcement & the DOJ are plotting how to get around Supreme Court’s warrant requirement to search phones:
Jim Pasco, the executive director of the Fraternal Order of Police, points out that due process should be ignored when gangs are around:
Jim Pasco, executive director of the Fraternal Order of Police, the country’s largest police union, imagined the police busting a drug deal with two suspects, one who gets cuffed and another who gets away.
The arresting officers “want to get into that phone and see if they can get the other guy,” he said in an interview. “Or gang situations. They communicate almost exclusively by phone. There’s more at stake here than due process. It’s public safety.”Meanwhile, another police spokesperson overreacts by suggesting warrants are somehow difficult to get:
Besides the delay, one problem is such a warrant might not be approved, said Bill Johnson, executive director of the National Association of Police Organizations, which counts about 240,000 rank-and-file police officers as members.
“You have to make that jump: I bet he’s got a bunch of stuff on his phone. And that’s not good enough,” he said. “The officers are really going to have to point to something specific that ties that phone or that suspect’s use of phones to the commission of a crime.”He makes that sound horrible, but that’s what the Constitution says. Just because there may be bad stuff in someone’s house the police don’t get to just search it. They have to point to something specific. That’s the 4th Amendment. Has Johnson never read it?
Meanwhile, at the DOJ, they’re already plotting on ways to get around this ruling by seeing how far they can push the “exigent circumstances” exception:
Ellen Canale, a Justice Department spokeswoman, said the agency would work with law enforcement to ensure “full compliance” with the decision.
“We will make use of whatever technology is available to preserve evidence on cell phones while seeking a warrant, and we will assist our agents in determining when exigent circumstances or another applicable exception to the warrant requirement will permit them to search the phone immediately without a warrant,” Canale said. https://www.techdirt.com/articles/20140626/19130127696/law-enforcement-doj-already-plotting-how-to-get-around-supreme-courts-warrant-requirement-to-search-phones.shtml