Latest NSA Leak: Rules On How They Use Data Without A Warrant
from the wow dept
Glenn Greenwald had promised that there were more incredible leaks concerning the NSA to come, and here’s the first big one. Greenwald has revealed the NSA’s rules that show the procedures for targeting non-US persons, and also how they “minimize” data collected on US persons when dealing with the “bulk” data records collection they do, such as with all of the data around every phone call made. These are two key parts to the NSA’s insistence that they’re staying within the law and not spying on people in the US. The details here, however, suggest a very different story. The FISA court has signed off on these rules that appear to grant incredibly wide latitude for the NSA to make use of data, rather than really “minimize” its usage. While President Obama and others have insisted that the rules make sure that the NSA really isn’t collecting data on Americans, the reality shows that FISC approved rules let the NSA:
- Keep data that could potentially contain details of US persons for up to five years;
- Retain and make use of “inadvertently acquired” domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;
- Preserve “foreign intelligence information” contained within attorney-client communications;
- Access the content of communications gathered from “U.S. based machine[s]” or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.
The report from Greenwald also reveals that orders he has seen from the FISA court concerning broad data collection do not appear to include details or explanations, other than your basic rubber stamp that FISC says it’s okay.
One such warrant seen by the Guardian shows that they do not contain detailed legal rulings or explanation. Instead, the one-paragraph order, signed by a Fisa court judge in 2010, declares that the procedures submitted by the attorney general on behalf of the NSA are consistent with US law and the fourth amendment.
But since those procedures have now been leaked, we can see that they’re not very carefully targeted at all. If the NSA doesn’t know where someone is located, it can assume the person is foreign:
In the absence of specific information regarding whether a target is a United States person, a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non-United States person unless such person can be positively identified as a United States person.
That part about how the NSA can still keep data on US persons if they believe the data contains “evidence of a crime,” “technical data base information” or “information pertaining to a threat of serious harm to life or property” obviously give the NSA incredible powers to — contrary to what they’ve stated publicly — retain all sorts of info on Americans.
Once we and others have had a chance to dig deeper through these, I’m sure we’ll have more to say, but for now, it appears that, once again, the NSA and its defenders were less than fully forthcoming about how the NSA uses the data it collects and how it makes sure that Americans aren’t targeted.
Filed Under: fisa, fisa court, fisc, foreign persons, minimization, nsa, nsa surveillance, oversight, targeting, us persons, warrants
Comments on “Latest NSA Leak: Rules On How They Use Data Without A Warrant”
I’m deeply concerned about this, actually (emphasis mine):
Remember, my fellow Americans: only criminals encrypt things.
Re: Re:
Yep that makes every single sensible business dealing with sensitive information dirty criminals.
Re: Re: Re:
Didn’t you know? The government owns every secret information. If a company wants to avoid government snooping, they better shy away from encrypting. Their competitors won’t mind trade secrets in plain text either, so it is a win-win!
Re: Re:
Didnt Google just do this with the Maps/Street Cars thing? Didn’t they get in a ton of trouble from senators for accidentally sniffing public wifi SSID’s from their cars going 30mph?
Re: Re:
I caught this as well. You can say that giving information to a third party removes your expectation of privacy, but I would think ENCRYPTING it would put that expectation back.
I really can’t see this one passing ANYONE’s laugh test.
Re: Re: Re:
The whole “expectation of privacy” doctrine is kind of baffling to me. I know it comes from a SCOTUS decision but what the hell does what people “expect” or not have to do with Constitutional law to begin with. My 6 year old daughter “EXPECTS” me to bring her home a new toy every time I go to the store for something. She can expect all she wants but THAT ain’t going to happen. I don’t recall anywhere in the 4th amendment it saying that people are to be secure in there papers and effects as long as they “EXPECT” the government to do so, so where the hell they came up with that line of thinking is beyond me. While we are talking about what people expect, do you know what I EXPECT? I EXPECT the government to FOLLOW THE DAMNED CONSTITUTION. See, apparently the expectations of the people are meaningless when it comes to the government.
Re: Re: Re: Re:
I agree. The “reasonable expectation of privacy” test is bogus and dangerous.
But first, in regards to your 6 year old daughters expectations, the idea is it’s the expectation of privacy a “reasonable adult” would have.
My main problem with this test, aside from deciding what a “reasonable adult” would think, is that it’s incredibly flexible in a way that guarantees that what is considered “private” will shrink to nothing over time.
It works like this: you, and everyone else, may reasonably expect that you have privacy in some situation. Say, your privacy-fenced back yard.
Then, the government is caught spying on people with drones over their backyards. Whether or not that activity is punished, no reasonable person would expect privacy in their backyards anymore. So, being in your backyard would no longer pass the “reasonable expectation of privacy” test.
Re: Re: Re:2 Re:
It’s highly subjective to collectivist thinking. While many people have no problem updating status and tweets about their every action throughout the day and telling facebook who all their friends are, etc. It can be said that the average american has to expectation of privacy on those items, while I have nothing to do with facebook because I do expect those things to be private.
I think that is the basis of the PRISIM program and why the Feds think it’s constitutional. Since people give their info to facebook and google they don’t “expect” it to be private, therefore it’s fair game for the NSA
Re: Re: Re:3 Re:
However there is a big difference between voluntarily publishing your information via Facebook or Twitter and having information about your private phone calls harvested without your consent from the telco. The metadata from your calls are something are not something that was ever intended to be public information shared between anyone other than the provide and the subscriber. Those two things are not anywhere close to being the same thing.
Re: Re: Re:3 Re:
I give my information to /specific people/ on facebook. Its a big list, granted, but if someone I haven’t friended views me they see my current primary picture, and really not much more than that at all. So honestly, yes, I do think I should have an expectation of privacy there.
I remember seeing “share with: friends, friends except acquaintances, friend of friends, public, me only” on the privacy settings. Nowhere did I see a greyed out permanently checked box marked NSA.
Re: Re: Re:4 Re:
Exactly. Last I checked the NSA, FBI, DOJ, and their ilk were not on my Friend List.
Re: Re: Re:4 Re:
Why is it I am envisioning a NSA propaganda PSA where they with the Mr. Roger’s Neighborhood theme playing throughout it.
“Won’t you be my… Won’t you be my… Won’t you be MY neighbor?”
Re: Re: Re:2 Re:
The point of bringing up my daughter’s expectations is to allude to the childish nature of this line of thinking.
Re: Re: Re:2 Re:
And I understand “how it works”. My point was that the line of thinking hinges on logic appropriate to a 6 year old. It’s not part of the Constitution and in fact is a rationalization used in an attempt to excuse breaking the Constitution.
Re: Re: Re: Re:
I also expect our government to follow the constitution. But, to hear Obama and other members of our government tell it, they are following the constitution.
Absurd.
Unless they also have a secret interpretation of the constitution along side their secret interpretation of these secretive laws they’re using to justify their secret spying on us?
Re: Re: Re:2 We've heard it all before, actually.
…Unless they also have a secret interpretation of the constitution…
So…
…but some animals are more equal than others.
Re: Re: Re: Re:
Banking.
As online Banking is encrypted, can they record all online banking and credit card transactions?
Re: Banking.
Their encryption standards are at least on par with the military. If anyone could break that, encrypting things would be a waste of time anyway.
Re: Re: Banking.
Not true for online banking, which uses SSL, which has some weak encryption options.
Re: Re: Banking.
Online banking is encrypted through https. It is no more or less secure than any other https site (reasonably secure, if you ignore the existence of forged certificated).
Re: Re: Re: Banking.
Make that “forged or compromised” certificates. If someone has a copy of the cert’s private key, they can sniff the session key exchange, then decrypt the rest of the session at their leisure. While I’m reasonably confident that Russian hackers don’t have my bank’s private key file, I’m less confident that the NSA doesn’t have it.
Re: Re: Re: Banking.
They do not need to decrypt online credit card transactions to know what you bought. They only need the shopping list, and the fact that a card transaction took place.
Lacking shopping lists, but knowing where you shopped can also give a good idea of what you are up to.
Re: Banking.
You have to think more creatively.
You know all that “metadata” that they’re collecting? Part of that metadata is the number that you dial.
Ever call someone and punch your credit card number into the phone? Or your PIN?
Yeah. NSA has your Credit Card or PIN now. Without a warrant.
Re: Re: Banking.
Not so much. Once you have dialed the phone number you’re calling and the call is established, all sounds going over the line are part of the call contents (they they promise with a cherry on top they aren’t listening to), including the DTMF tones that pressing the numbers generates.
After call setup is complete, the phone company equipment is no longer listening to the line to process DTMF, those tones are not translated into numbers, etc. Your credit card numbers, PINs, and so on are absolutely not part of the call “metadata”.
Re: Re: Re: Banking.
its not that i don’t believe you personally, but i don’t believe them: i don’t believe there isn’t a way the Big Tels couldn’t listen if if they wanted to; i don’t believe the spooks; and i certainly don’t believe there aren’t backdoors, etc that can be accessed EVEN IF ATT/et al are telling their own limited truths…
since we have gone so long being led down this primrose path and find we have been lied to the whole time, the ONLY REASONABLE response is to NOT BELIEVE ANYTHING the gummint tells us…
you will be correct at least 90% of the time…
Re: Re: Re:2 Banking.
I agree. I’m just saying that numbers that you punch into the phone once call setup is complete are not metadata. They’re the “contents of the call”.
I believe all of this is being spied on as well, but that’s a different thing than spying on the metadata.
threat of harm to people or property
Given the government’s increasingly frequent use of wordplay, that could essentially be interpreted to be anything that impedes the government’s status-quo or interrupt legacy businesses or financial institutions.
When you look at other recent revelations, like Alan Grayson’s statement that TPP “hands the sovereignty of our country over to corporate interests.” the reassurances of our government leaves me tremendously “comforted”.
Just had to post this from a Guardian article
TONIGHT ON GCHQ TV:
05:00 GMT: Daybreak: LIVE: all the dawn raids from mission control
07:00 GMT: Tinker, Tailor, Soldier, Anybody with an E-Mail Account, Basically: Entertainment show where the computer selects random names from the Persons of Interest file and has them subjected them to all the rigours of an MI6 investigation: Whose pied-?-terre Will George ?Smiley? Osborne send his SWAT team round to this week ? and will it end in tearful surrender or a hail of bullets? Tune in and find out!
08:00 GMT: Wheel of Treason: Game show: tonight?s unlucky contestants are a team of Trotskyite Tweeters from the Twickenham Area!
08:30 GMT: Panorama Pyjamarama! : We turn the tables and take a look at those pesky BBC reporters? personal files.
09:00 GMT: Who Do You Think You Are, Cuz We Might Know Different?!: William Hague and his team of crack-hackers pursue one line of enquiry ? and invariably uncover a mountain of embarrassing facts about some innocent plebs along the way! Tonight: how the search for a Polish mobster, led to the arrest and prosecution of a pole-vaulter from Walsall.
10:00 GMT: Embarrassing Bodies: Choice Jpegs from the secret accounts.
11:00 GMT: Jack Straw?s Medieval Torture Hour! Archive fun from the Abu Ghraib interrogation video-file. (Contains scenes that most decent human beings may find offensive)
12:00-05:00 GMT: Big Brother. Live coverage of EVERYTHING!
Right, so what this boils down to is, “We can target anyone we like, but we’re very limited in what we can keep: only things we find interesting.”
Possible evidence of a crime is basically almost everything you ever say or do, since there are so many laws that we don’t even know about, including secret laws that we are not allowed to know.
The only reason to archive this stuff is so that, if you become annoying later, particularly if you start campaigning against, say, unlimited spying by government, they can discredit or destroy you.
Oh, and as I’ve said before, these programs aren’t to protect the government from terrorists, they’re to protect the government from you.
Re: Re:
uh huh…
time for an American Spring…
(…or -perhaps more appropriately- an American Fall)
art guerrilla
aka ann archy
eof
why not look at this stuff sensibly? the US supposedly isn’t spying on it’s own citizens, only on ‘foreigners’. i am assuming then, for example, that means UK citizens are fair game. the UK is supposedly not spying on it’s own citizens, only on ‘foreigners’. i am assuming then, for example, that means USA citizens are fair game. so, if the UK spies on USA citizens and the USA spies on UK citizens, then the two countries exchange data, both are then, for all intents and purposes, doing what they should be and only spying on ‘foreigners’. however, both countries are still getting all the information they want on everyone, whether foreign or domestic and no one is any safer than they were before, we have still lost all privacy and most of our freedom. now add in whatever other countries that want to be in on this and you have a complete network where no law enforcement agency has, officially, done anything wrong but all information on everyone, in whatever country they may be in is collected! dont take a brain surgeon to work out a scheme like this!!
Re: Re:
kinda echelony
Once they get a Quantum computer
…then current encryption methods are toast in that factoring huge numbers becomes quick.
Yeah, the inadvertently acquired communications rule pretty much says if you collect and read first before checking whether you’re allowed to collect and read, well that’s okay, then.
And NSA agents thus have no reason to check that they need to collect or read before they start. So we have total circumvention of 4th amendment protections.
Shoot first. Interrogate survivors.
Preserve "foreign intelligence information" contained within attorney-client communications
Well that’s comforting. A main point of attorney/client privilege is so the client is comfortable telling the attorney everything; as all the facts allow the attorney to best represent his client. I have non-US clients, and talk to plenty of potential clients outside the US. Does my talking to them open the door to the NSA? For drafting website a Terms of Use? Shitboyhowdy! Talk about chilling effects.
Because the NSA can’t know to preserve “foreign intelligence information” contained within attorney-client communications unless it has read the privileged communications already.
I’m not sure whether to become a hermit, or to go all activist guns-a-blazing over this. (That’s a metaphor you knee-jerk reactionary govt. fucks.)
Why, oh why
is there no adversary in this court? While not as good as a non-secret court, it would be nice to appoint a team who’s job it is to oppose any FISA court petition. Someone empowered to make appeals to the Supreme Court or Congress (the entire congress) when the FISA court tries to test new boundaries.
Re: Why, oh why
The whole point of FISA is to keep information out of the real courts and keep the rules and rulings completely secret!
Re: Why, oh why
on point: russ tice in boiling frogs interview points out that he HAD IN HIS HANDS the paperwork where various FISA judges were wiretapped…
wonder why…
i’m sure none of our masters of the universe would point out this factoid to them when an especially egregious violation was being pushed through…
and next week i get a rainbow-colored unicorn ! ! !
art guerrilla
aka ann archy
eof
Well, that was crystal clear
So it boils down to “Whatever we find, we keep. Sorry about that info about your affair.”
To think it’s all ‘legal’, too. Gee whiz, doesn’t it feel great to be an American?
Encryption
I love how it’s apparently U.S. government’s official position that using encryption is equivalent to terrorist or criminal activity.
Opt out:
Quote:
http://prism-break.org/
NSA Violations
It’s scary also because they seem to be able to side-step Congress and the Senate’s questions and do whatever they want. What is Congress going to do about this, call someone up there again for questioning and be told even more lies? The NSA seems to be the most powerful agency in the country…more so then the CIA, the FBI, the Justice Department, Homeland Security, on and on. Their spy center with yottabyte capabilities in Bluffdale, UT is going online this fall, how much will their capabilities increase at that time?
Re: NSA Violations
Re: Re: NSA Violations
How much do they have on congress though? It’s been said earlier that something must have happened to make Obama change views on damn near everything… maybe the NSA threatened to go public with the porn he watches?
Re: Re: NSA Violations
Do you really think congress has any idea where the money is really being spent. You don’t honestly believe the government spends $800 for a hammer do you?
DOD, we need money to buy .
Congress says here is $$$B toward your goal.
DOD does a little fancy accounting and $$B gets pumped through to the NSA and $B gets spent on .
NSA has cash and congress knows nothing about it.
DOD presses the “That was Easy” button and repeats.
Re: Re: Re: NSA Violations
Re: Re: Re:2 NSA Violations
Nothing to do with Independence day. The point is that the DOD can and does routinely spend money for things OTHER than what are budgeted.
What would likely happen is that would get worse if the congress decided to ‘take away’ the NSA budget. There is no one in congress that will properly oversee the DOD, and you really can’t it is just too big to track every penny.
The budget for the DOD for 2014 is proposed to be between $512B and $516B dollars. No one would even question where $10M or $20M of that went, it is less than .5% of the budget. Do you really think the DOD can’t make $10 or 12 Million (Or far more) get get funneled to the NSA (or a similar program)?
Encryption
What I find exceptionally crazy about this one is that NSA can “retain and make use of “inadvertently acquired” domestic communications if they (…) are encrypted”. Think about it for a moment. According to the FISA “court” the mere attempt at exercising your basic constitutional right to privacy makes you suspicious and therefore not eligible to privacy. Talk about circular reasoning.
Re: Encryption
You can put layers on it, just add steganography as the first layer, encryption as the second and darknets as the third.
Re: Re: Encryption
Great, you go out there and do that. But that’s not the point of what I’m saying.
Absolutely!
See the link that Mike is so ashamed of that he’s trying to censor it–just like a Chinese dictator: http://pastebin.com/5VUv7utm
Re: Re:
go have an aneurysm
Just think of the billions/trillions of your tax dollars that could be saved if the government didn’t pursue it’s illegal activities.
No True American
> If the NSA doesn’t know where someone is located, it can assume the person is foreign
Of course. No American would do things that attact the attention of the NSA.
Refine that: No TRUE American would do …
Well, now we know how to overwhelm the system: everyone append long random strings of the characters used in base64 encoding (randomly ending in 0, 1 or 2 equal signs) to all messages, and bursts of digital noise to cell phone calls.
The NSA will interpret them as encrypted messages and retain them thus wasting storage space and giving a hopeless task should they ever decide to try to decrypt them.