The Glenn Greenwald/Guardian story about a memo leaked to Greenwald about the NSA obtaining a court order to seize Verizon phone records, was topped by a Washington Post article stating that the NSA had “back door” access to 9 different Internet providers, including Microsoft, Google and Apple (think twice about the “cloud…”)
Here’s what Greenwald reported:
The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America’s largest telecoms providers, under a top secret court order issued in April.
The order, a copy of which has been obtained by the Guardian, requires Verizon on an “ongoing, daily basis” to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries.
The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk – regardless of whether they are suspected of any wrongdoing.
The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19.
Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.
The disclosure is likely to reignite longstanding debates in the US over the proper extent of the government’s domestic spying powers.
Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice on a massive scale under President Obama.
The order, signed by Judge Roger Vinson, compels Verizon to produce to the NSA electronic copies of “all call detail records or ‘telephony metadata’ created by Verizon for communications between the United States and abroad” or “wholly within the United States, including local telephone calls”.
The order directs Verizon to “continue production on an ongoing daily basis thereafter for the duration of this order”. It specifies that the records to be produced include “session identifying information”, such as “originating and terminating number”, the duration of each call, telephone calling card numbers, trunk identifiers, International Mobile Subscriber Identity (IMSI) number, and “comprehensive communication routing information”.
The information is classed as “metadata”, or transactional information, rather than communications, and so does not require individual warrants to access. The document also specifies that such “metadata” is not limited to the aforementioned items. A 2005 court ruling judged that cell site location data – the nearest cell tower a phone was connected to – was also transactional data, and so could potentially fall under the scope of the order.
While the order itself does not include either the contents of messages or the personal information of the subscriber of any particular cell number, its collection would allow the NSA to build easily a comprehensive picture of who any individual contacted, how and when, and possibly from where, retrospectively.
It is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off, or the latest in a series of similar orders.
And one more clip [emphasis added]:
The law on which the order explicitly relies is the so-called “business records” provision of the Patriot Act, 50 USC section 1861. That is the provision which Wyden and Udall have repeatedly cited when warning the public of what they believe is the Obama administration’s extreme interpretation of the law to engage in excessive domestic surveillance.
In a letter to attorney general Eric Holder last year, they argued that “there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows.”
“We believe,” they wrote, “that most Americans would be stunned to learn the details of how these secret court opinions have interpreted” the “business records” provision of the Patriot Act.
And here’s how CNN reported what Greenwald reported:
One congressman says it’s “shocking” how the Obama administration is now using the Patriot Act. But a senator says the secret court order for American phone records is “lawful.”
The Patriot Act, the landmark law born out of the September 11, 2001, terror attacks, is at the center of an emerging controversy Thursday over how the Obama administration obtained a secret court order for phone records from the Verizon Business Network Service from April to July this year.
The administration is accused of making a secret interpretation and going too far in that interpretation of the anti-terrorism law, specifically a portion called Section 215.
Experts wonder whether the revelation of the secret order will prompt a public outcry and Congressional hearings. And a digital civil liberties lawyer argues the government can no longer claim state secrecy privileges in federal lawsuits seeking to shut down domestic surveillance programs.
Even before this week’s Verizon controversy, privacy advocates had long criticized Section 215 as vastly expanding the FBI’s power to spy on Americans.
The Verizon case apparently marks a difference between Presidents Barack Obama and George W. Bush in obtaining phone records, according to Tyler Newby, a former federal computer crime prosecutor under both administrations.
The Bush administration also collected phone logs — the same sort of “metadata” that the Obama administration is gathering from Verizon — and even conducted wiretaps, but it did so without getting a court order.
Now the Obama administration is invoking the Patriot Act’s Section 215 — as well as the Foreign Intelligence Surveillance Act — as the basis for a secret court order demanding Verizon records that show originating and terminating phone numbers, their location, time and duration. The FISA court’s proceedings, held in Washington, are secret.
“It’s pretty broad authority that Section 215 gives the FBI,” said Newby, who worked in the U.S. Justice Department between 2007 and early 2011.
And this from the New Yorker:
The order covers the period from April 25th to July 19th of this year. That’s three months, a calendar increment that suggests it might be renewed regularly. An “expert in this aspect of the law” that the Washington Post spoke to said that the order appeared to be the descendant of one from 2006, “reissued routinely every 90 days and that it is not related to any particular investigation by the F.B.I. or any other agency.” The USA Today reported back then that something like this was going on, but the scale, legal sleight of hand, and its endurance under the Obama Administration are a surprise.
How, one might ask, is this possibly legal? The answer involves an interaction of FISA and the Patriot Act. FISA’s purpose is to allow the government to investigate foreign threats in a way that harms the privacy of Americans as little as possible. If the government wants access to an American citizen’s phone number because it thinks that person might be communicating with someone from Al Qaeda, and wants the warrant to be secret, it goes to FISA, which almost never turns it down.
This isn’t exactly a warrant; it’s an order to turn over “tangible things”; it refers to the Patriot Act, whose Section 215 allows the government to ask for “business records” that are “relevant” to an investigation, and that is what the government has decided to call these communication records. (Despite referring to these as “business,” the order says that the government doesn’t need “financial information.”) The sophistry lies in pretending that “metadata” is just about the transaction with Verizon—the business—rather than about the privacy of the callers.
Ok, so what is this Section 215 of the Patriot Act? It’s pretty heinous. Per the ACLU:
- Section 215 allows the FBI to order any person or entity to turn over “any tangible things,” so long as the FBI “specif[ies]” that the order is “for an authorized investigation . . . to protect against international terrorism or clandestine intelligence activities.”
- Section 215 vastly expands the FBI’s power to spy on ordinary people living in the United States, including United States citizens and permanent residents.
- The FBI need not show probable cause, nor even reasonable grounds to believe, that the person whose records it seeks is engaged in criminal activity.
- The FBI need not have any suspicion that the subject of the investigation is a foreign power or agent of a foreign power.
- The FBI can investigate United States persons based in part on their exercise of First Amendment rights, and it can investigate non-United States persons based solely on their exercise of First Amendment rights.
- For example, the FBI could spy on a person because they don’t like the books she reads, or because they don’t like the web sites she visits. They could spy on her because she wrote a letter to the editor that criticized government policy.
- Those served with Section 215 orders are prohibited from disclosing the fact to anyone else. Those who are the subjects of the surveillance are never notified that their privacy has been compromised.
- If the government had been keeping track of what books a person had been reading, or what web sites she had been visiting, the person would never know.
Probably the most hotly debated provision of the law, Section 215 has come to be known as the “libraries provision,” even though it never mentions libraries or bookstores. Civil liberties groups attack the breadth of this section — which allows investigators to obtain “any tangible thing (including books, records, papers, documents and other items),” as long as the records are sought “in connection with” a terror investigation.
Library groups said the law could be used to demand the reading records of patrons. But the government points out that the First Amendment activities of Americans are specifically protected by the law. The Justice Department has released previously classified statistics to show the law has never been used against libraries or bookstores. But the act’s critics argue that there’s no protection against future abuse.
Civil liberties groups have proposed numerous amendments: special protections for libraries and bookstores; a requirement that investigators explain the reason the records are sought; and an end to the “gag rule” that prohibits people who receive a 215 order from talking about it with anyone. The Justice Department has agreed that recipients can consult with an attorney and is open to an amendment that specifies this right. But the government says the controversy over this provision is an overreaction, and that this section merely expands longstanding access to certain business records.
But now, here’s a question. Is Section 215 of the Patriot Act really what’s being used in the Verizon and Internet providers’ sweeps? Director of National Intelligence James Clapper seems to be saying no. Here’s the official statement released by the DNI Thursday night, when all of this news broke:
June 6, 2013DNI Statement on Activities Authorized Under Section 702 of FISA
The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies.
Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.
Activities authorized by Section 702 are subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. They involve extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.
Section 702 was recently reauthorized by Congress after extensive hearings and debate.
Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats.
The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.
James R. Clapper, Director of National Intelligence
Ok, so then what is Section 702 of the Foreign Intelligence Surveillance Act? Here’s a clip from a letter Clapper and A.G. Eric Holder sent to the House and Senate Leadership last February, urging reauthorization of the FISA law including Section 702:
If Clapper is right, then two different laws are being conflated here. There’s the Patriot Act, passed hastily in the weeks after 9/11, complete with all sorts of “sneak and peak” provisions that involve surveillance and investigations on U.S. soil, potentially of American citizens; and there is the Foreign Intelligence Surveillance Act update, passed in 2006 after, in December 2005, the New York Times’ James Risen exposed warrantless wiretapping via a George W. Bush executive order dating from 2002.
From Risen’s report:
Under a presidential order signed in 2002, the intelligence agency has monitored the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants over the past three years in an effort to track possible “dirty numbers” linked to Al Qaeda, the officials said. The agency, they said, still seeks warrants to monitor entirely domestic communications.
The previously undisclosed decision to permit some eavesdropping inside the country without court approval was a major shift in American intelligence-gathering practices, particularly for the National Security Agency, whose mission is to spy on communications abroad. As a result, some officials familiar with the continuing operation have questioned whether the surveillance has stretched, if not crossed, constitutional limits on legal searches.
“This is really a sea change,” said a former senior official who specializes in national security law. “It’s almost a mainstay of this country that the N.S.A. only does foreign searches.”
Nearly a dozen current and former officials, who were granted anonymity because of the classified nature of the program, discussed it with reporters for The New York Times because of their concerns about the operation’s legality and oversight.
According to those officials and others, reservations about aspects of the program have also been expressed by Senator John D. Rockefeller IV, the West Virginia Democrat who is the vice chairman of the Senate Intelligence Committee, and a judge presiding over a secret court that oversees intelligence matters. Some of the questions about the agency’s new powers led the administration to temporarily suspend the operation last year and impose more restrictions, the officials said.
In other words, is this about domestic surveillance or foreign surveillance? You could argue that either way, the government colluding with phone or Internet companies to sweep up “metadata” is hellafied creepy either way. But in the interests of accuracy, the reports should get the law right.
Here’s a clip from Thursday’s Washington Post report on PRISM:
The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets, according to a top-secret document obtained by The Washington Post.
The program, code-named PRISM, has not been made public until now. It may be the first of its kind. The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.
Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”
PRISM was launched from the ashes of President George W. Bush’s secret program of warrantless domestic surveillance in 2007, after news media disclosures, lawsuits and the Foreign Intelligence Surveillance Court forced the president to look for new authority.
Congress obliged with the Protect America Act in 2007 and the FISA Amendments Act of 2008, which immunized private companies that cooperated voluntarily with U.S. intelligence collection. PRISM recruited its first partner, Microsoft, and began six years of rapidly growing data collection beneath the surface of a roiling national debate on surveillance and privacy. Late last year, when critics in Congress sought changes in the FISA Amendments Act, the only lawmakers who knew about PRISM were bound by oaths of office to hold their tongues.
The court-approved program is focused on foreign communications traffic, which often flows through U.S. servers even when sent from one overseas location to another. Between 2004 and 2007, Bush administration lawyers persuaded federal FISA judges to issue surveillance orders in a fundamentally new form. Until then the government had to show probable cause that a particular “target” and “facility” were both connected to terrorism or espionage.
In four new orders, which remain classified, the court defined massive data sets as “facilities” and agreed to certify periodically that the government had reasonable procedures in place to minimize collection of “U.S. persons” data without a warrant.http://blog.reidreport.com/wp-admin/post-new.php
That explains why the companies aren’t talking. Apparently, Apple held out the longest.
FYI, Barack Obama, as a Senator, voted against the 2007 PAA, which provided for immunity for the telcos, but he voted for the 2008 FISA law.
Apparently DropBox is next on the list to cooperate with the NSA. However all of the companies are denying participating in PRISM at all.
Back to the Washington Post:
In exchange for immunity from lawsuits, companies such as Yahoo and AOL are obliged to accept a “directive” from the attorney general and the director of national intelligence to open their servers to the FBI’s Data Intercept Technology Unit, which handles liaison to U.S. companies from the NSA. In 2008, Congress gave the Justice Department authority for a secret order from the Foreign Surveillance Intelligence Court to compel a reluctant company “to comply.”
In practice, there is room for a company to maneuver, delay or resist. When a clandestine intelligence program meets a highly regulated industry, said a lawyer with experience in bridging the gaps, neither side wants to risk a public fight. The engineering problems are so immense, in systems of such complexity and frequent change, that the FBI and NSA would be hard pressed to build in back doors without active help from each company.
Apple demonstrated that resistance is possible when it held out for more than five years, for reasons unknown, after Microsoft became PRISM’s first corporate partner in May 2007. Twitter, which has cultivated a reputation for aggressive defense of its users’ privacy, is still conspicuous by its absence from the list of “private sector partners.”
Google, like the other companies, denied that it permitted direct government access to its servers.
Companies have cooperated with the government to surveil their customers. More Wapo:
PRISM is an heir, in one sense, to a history of intelligence alliances with as many as 100 trusted U.S. companies since the 1970s. The NSA calls these Special Source Operations, and PRISM falls under that rubric.
As to how the WaPo got the Powerpoint presentation divulging all of this:
Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. “They quite literally can watch your ideas form as you type,” the officer said.
Ironically, the FISA law itself came about in 1978, to try and remedy the rampant surveillance and wiretapping of the Nixon era. From About.com:
In January of 1970, a young man named Christopher Pyle uncovered evidence that the U.S. Army Intelligence Command had over 1,500 officers in the United States commissioned to spy on any known protests or demonstrations with more than 20 participants. His complaint caught the eye of Senator Sam Ervin (D-NC) and Senator Frank Church (D-ID), each of whom launched committee investigations into warrantless government surveillance of civilians.
1974-1976: Seymour Hersh and the Church Committee
As chair of the Senate Judiciary Subcommittee on Constitutional Rights, Senator Ervin was concerned about Pyle’s allegations but had little power to act on them. Ervin’s work as chair of the Watergate committee, from 1972 on, would prove more productive.
His work was picked up by Senator Church in 1975, after the resignation of President Nixon and the publication of a December 1974 report by journalist Seymour Hersh revealing large-scale warrantless CIA surveillance. Senator Church led the U.S. Select Committee to Study Governmental Operations with Respect to Intelligence Activities, which found that the executive branch had routinely perpetrated civil liberties violations against civilians on a massive scale in violation of federal law.
1978: President Carter Signs the Foreign Intelligence Surveillance Act (FISA)
The Church Committee’s findings led to numerous changes in U.S. policy. One of these changes was the establishment of the Foreign Intelligence Surveillance Court, a court through which the executive branch may secretly obtain warrants for electronic surveillance while remaining subject to judicial review.
And here’s a brief history of the NSA from NPR’s Daniel Schorr back in 2006:
I had a smile last Wednesday when President Bush was shown on television visiting the National Security Agency at Ft. Meade, Maryland, and telling the eavesdroppers that we’re doing a good job on the anti-terrorism front.
HANSEN: NPR Senior News Analyst, Daniel Schorr.
SCHORR: The existence of the multi-billion dollar agency had been a deep secret until it was unveiled in a Senate investigation in 1975. And when I tried to do an on-camera report for CBS standing outside the NSA gate, a U.S. Marine warned me I would be shot if I didn’t go away. I didn’t stay to test my First Amendment rights.
Testifying before a Senate committee in 1975, the NSA’s director, General Lou Allen, acknowledged that on request of other agencies, the NSA maintained watch lists with hundreds of names, many of them Americans whose phone calls were being monitored in an effort to establish foreign connections of anti-war dissidents. There were also suspected drug traffickers and potential assassins on these lists.
Out of that Senate investigation came the conclusion that there was good reason for some of the intercepts, but that there had to be some kind of judicial control to prevent breaches of civil liberties. And from that conclusion was born the 1978 act called FISA, the Foreign Intelligence Surveillance Act. FISA established a secret court in charge of issuing warrants for wiretaps when requested. The court has refused very few applications and the law allows when necessary for surveillance to begin before the warrant has been issued. There is a saying that if something ain’t broke, don’t fix it. But the Bush administration, for reasons hard to understand, has taken the position that it can ignore FISA, relying on a president’s inherent power to order surveillance all on his own.
And so 30 years after the Senate revealed the existence of the NSA, America’s big ear, the issue is back before the Senate again. Chairman Arlen Specter has announced judiciary committee hearings starting February 6. And with President Bush, as with President Nixon then, the issue is whether the president is a law unto himself.
It was after those hearings, in 2007, that congress passed the new FISA law, that it appears was used to authorize the latest Internet/phone surveillance.
And the latest PATRIOT and FISA provisions are in place, thanks to reauthorizations, until at least 2015.