Latest NSA Leak: Rules On How They Use Data Without A Warrant

from the wow dept

Glenn Greenwald had promised that there were more incredible leaks concerning the NSA to come, and here’s the first big one. Greenwald has revealed the NSA’s rules that show the procedures for targeting non-US persons, and also how they “minimize” data collected on US persons when dealing with the “bulk” data records collection they do, such as with all of the data around every phone call made. These are two key parts to the NSA’s insistence that they’re staying within the law and not spying on people in the US. The details here, however, suggest a very different story. The FISA court has signed off on these rules that appear to grant incredibly wide latitude for the NSA to make use of data, rather than really “minimize” its usage. While President Obama and others have insisted that the rules make sure that the NSA really isn’t collecting data on Americans, the reality shows that the FISC-approved rules let the NSA:

  • Keep data that could potentially contain details of US persons for up to five years;
  • Retain and make use of “inadvertently acquired” domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;
  • Preserve “foreign intelligence information” contained within attorney-client communications;
  • Access the content of communications gathered from “U.S. based machine[s]” or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.

The report from Greenwald also reveals that orders he has seen from the FISA court concerning broad data collection do not appear to include details or explanations, other than your basic rubber stamp that FISC says it’s okay.

One such warrant seen by the Guardian shows that they do not contain detailed legal rulings or explanation. Instead, the one-paragraph order, signed by a Fisa court judge in 2010, declares that the procedures submitted by the attorney general on behalf of the NSA are consistent with US law and the fourth amendment.

But since those procedures have now been leaked, we can see that they’re not very carefully targeted at all. If the NSA doesn’t know where someone is located, it can assume the person is foreign:

In the absence of specific information regarding whether a target is a United States person, a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non-United States person unless such person can be positively identified as a United States person.

That part about how the NSA can still keep data on US persons if they believe the data contains “evidence of a crime,” “technical data base information” or “information pertaining to a threat of serious harm to life or property” obviously gives the NSA incredible powers to — contrary to what they’ve stated publicly — retain all sorts of info on Americans.

Once we and others have had a chance to dig deeper through these, I’m sure we’ll have more to say, but for now, it appears that, once again, the NSA and its defenders were less than fully forthcoming about how the NSA uses the data it collects and how it makes sure that Americans aren’t targeted.




Comments on “Latest NSA Leak: Rules On How They Use Data Without A Warrant”

57 Comments
Anonymous Coward says:

I’m deeply concerned about this, actually (emphasis mine):

Retain and make use of “inadvertently acquired” domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;

Remember, my fellow Americans: only criminals encrypt things.

Anonymous Coward says:

Re: Re: Re:

The whole “expectation of privacy” doctrine is kind of baffling to me. I know it comes from a SCOTUS decision but what the hell does what people “expect” or not have to do with Constitutional law to begin with. My 6 year old daughter “EXPECTS” me to bring her home a new toy every time I go to the store for something. She can expect all she wants but THAT ain’t going to happen. I don’t recall anywhere in the 4th amendment it saying that people are to be secure in their papers and effects as long as they “EXPECT” the government to do so, so where the hell they came up with that line of thinking is beyond me. While we are talking about what people expect, do you know what I EXPECT? I EXPECT the government to FOLLOW THE DAMNED CONSTITUTION. See, apparently the expectations of the people are meaningless when it comes to the government.

John Fenderson (profile) says:

Re: Re: Re: Re:

I agree. The “reasonable expectation of privacy” test is bogus and dangerous.

But first, in regards to your 6 year old daughter’s expectations, the idea is it’s the expectation of privacy a “reasonable adult” would have.

My main problem with this test, aside from deciding what a “reasonable adult” would think, is that it’s incredibly flexible in a way that guarantees that what is considered “private” will shrink to nothing over time.

It works like this: you, and everyone else, may reasonably expect that you have privacy in some situation. Say, your privacy-fenced back yard.

Then, the government is caught spying on people with drones over their backyards. Whether or not that activity is punished, no reasonable person would expect privacy in their backyards anymore. So, being in your backyard would no longer pass the “reasonable expectation of privacy” test.

Anonymous Coward says:

Re: Re: Re:2 Re:

It’s highly subjective to collectivist thinking. While many people have no problem updating status and tweets about their every action throughout the day and telling facebook who all their friends are, etc. It can be said that the average american has no expectation of privacy on those items, while I have nothing to do with facebook because I do expect those things to be private.

I think that is the basis of the PRISM program and why the Feds think it’s constitutional. Since people give their info to facebook and google they don’t “expect” it to be private, therefore it’s fair game for the NSA

Anonymous Coward says:

Re: Re: Re:3 Re:

However there is a big difference between voluntarily publishing your information via Facebook or Twitter and having information about your private phone calls harvested without your consent from the telco. The metadata from your calls are not something that was ever intended to be public information shared between anyone other than the provider and the subscriber. Those two things are not anywhere close to being the same thing.

Anonymous Coward says:

Re: Re: Re:3 Re:

I give my information to /specific people/ on facebook. It’s a big list, granted, but if someone I haven’t friended views me they see my current primary picture, and really not much more than that at all. So honestly, yes, I do think I should have an expectation of privacy there.

I remember seeing “share with: friends, friends except acquaintances, friend of friends, public, me only” on the privacy settings. Nowhere did I see a greyed out permanently checked box marked NSA.

Anonymous Coward says:

Re: Re: Re: Re:

I also expect our government to follow the constitution. But, to hear Obama and other members of our government tell it, they are following the constitution.

Absurd.

Unless they also have a secret interpretation of the constitution alongside their secret interpretation of these secretive laws they’re using to justify their secret spying on us?

btr1701 (profile) says:

Re: Re: Re: Re:

The whole “expectation of privacy” doctrine is kind of
baffling to me. what the hell does what people “expect”
or not have to do with Constitutional law to begin with.

It actually doesn’t have anything to do with the Constitution, or even reality. What people actually expect is irrelevant. The government (i.e., the courts) decide for us what is reasonable for us to expect regarding privacy and anything that falls outside that ever-shrinking circle is fair game, regardless of any actual expectations of privacy you or I might have.

Anonymous Coward says:

Re: Re: Re: Banking.

Make that “forged or compromised” certificates. If someone has a copy of the cert’s private key, they can sniff the session key exchange, then decrypt the rest of the session at their leisure. While I’m reasonably confident that Russian hackers don’t have my bank’s private key file, I’m less confident that the NSA doesn’t have it.
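The scenario in the comment above (recorded traffic decrypted later with the server's private key) depends on the negotiated key exchange: it applies to RSA key transport, while ephemeral (EC)DHE exchanges keep past sessions safe from a later key compromise. The following is an added example, not part of the original thread, that uses Python's standard `ssl` module to list which offered suites lack forward secrecy and to build a client context that offers only forward-secret ones; the helper names and the sample entries are constructed for illustration.

```python
import ssl

# Key-exchange labels (the "kea" field of SSLContext.get_ciphers()) whose
# session keys come from an ephemeral Diffie-Hellman exchange. OpenSSL
# reports TLS 1.3 suites as "kx-any"; TLS 1.3 always uses ephemeral (EC)DHE.
EPHEMERAL_KX = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk", "kx-any"}


def is_forward_secret(cipher):
    """True if a get_ciphers() entry derives keys from an ephemeral exchange."""
    return cipher.get("kea") in EPHEMERAL_KX


def exposed_suites(ciphers):
    """Names of suites whose recorded sessions fall to a later key compromise."""
    return [c["name"] for c in ciphers if not is_forward_secret(c)]


def forward_secret_client_context():
    """Client context that only offers ECDHE (TLS 1.2) and TLS 1.3 suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


# Constructed sample entries in the shape get_ciphers() returns.
SAMPLE = [
    {"name": "AES128-GCM-SHA256", "kea": "kx-rsa", "auth": "auth-rsa"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "kea": "kx-ecdhe", "auth": "auth-rsa"},
    {"name": "TLS_AES_128_GCM_SHA256", "kea": "kx-any", "auth": "auth-any"},
]

if __name__ == "__main__":
    print("sample suites exposed by key compromise:", exposed_suites(SAMPLE))
    default = ssl.create_default_context()
    print("local default context, exposed:", exposed_suites(default.get_ciphers()))
    hardened = forward_secret_client_context()
    print("hardened context, exposed:", exposed_suites(hardened.get_ciphers()))
```

Forward secrecy addresses only passive decryption of recorded traffic; a party holding the private key can still impersonate the server in an active attack until the certificate is revoked or replaced.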

DCX2 says:

Re: Banking.

You have to think more creatively.

You know all that “metadata” that they’re collecting? Part of that metadata is the number that you dial.

Ever call someone and punch your credit card number into the phone? Or your PIN?

Yeah. NSA has your Credit Card or PIN now. Without a warrant.

John Fenderson (profile) says:

Re: Re: Banking.

Ever call someone and punch your credit card number into the phone? Or your PIN?

Yeah. NSA has your Credit Card or PIN now. Without a warrant.

Not so much. Once you have dialed the phone number you’re calling and the call is established, all sounds going over the line are part of the call contents (that they promise with a cherry on top they aren’t listening to), including the DTMF tones that pressing the numbers generates.

After call setup is complete, the phone company equipment is no longer listening to the line to process DTMF, those tones are not translated into numbers, etc. Your credit card numbers, PINs, and so on are absolutely not part of the call “metadata”.

art guerrilla (profile) says:

Re: Re: Re: Banking.

it’s not that i don’t believe you personally, but i don’t believe them: i don’t believe there isn’t a way the Big Tels couldn’t listen if they wanted to; i don’t believe the spooks; and i certainly don’t believe there aren’t backdoors, etc that can be accessed EVEN IF ATT/et al are telling their own limited truths…

since we have gone so long being led down this primrose path and find we have been lied to the whole time, the ONLY REASONABLE response is to NOT BELIEVE ANYTHING the gummint tells us…

you will be correct at least 90% of the time…

Loki says:

threat of harm to people or property

Given the government’s increasingly frequent use of wordplay, that could essentially be interpreted to be anything that impedes the government’s status-quo or interrupts legacy businesses or financial institutions.

When you look at other recent revelations, like Alan Grayson’s statement that TPP “hands the sovereignty of our country over to corporate interests,” the reassurances of our government leave me tremendously “comforted”.

Zakida Paul (profile) says:

Just had to post this from a Guardian article

TONIGHT ON GCHQ TV:

05:00 GMT: Daybreak: LIVE: all the dawn raids from mission control

07:00 GMT: Tinker, Tailor, Soldier, Anybody with an E-Mail Account, Basically: Entertainment show where the computer selects random names from the Persons of Interest file and has them subjected to all the rigours of an MI6 investigation: Whose pied-à-terre Will George ‘Smiley’ Osborne send his SWAT team round to this week - and will it end in tearful surrender or a hail of bullets? Tune in and find out!

08:00 GMT: Wheel of Treason: Game show: tonight’s unlucky contestants are a team of Trotskyite Tweeters from the Twickenham Area!

08:30 GMT: Panorama Pyjamarama! : We turn the tables and take a look at those pesky BBC reporters’ personal files.

09:00 GMT: Who Do You Think You Are, Cuz We Might Know Different?!: William Hague and his team of crack-hackers pursue one line of enquiry - and invariably uncover a mountain of embarrassing facts about some innocent plebs along the way! Tonight: how the search for a Polish mobster, led to the arrest and prosecution of a pole-vaulter from Walsall.

10:00 GMT: Embarrassing Bodies: Choice Jpegs from the secret accounts.

11:00 GMT: Jack Straw’s Medieval Torture Hour! Archive fun from the Abu Ghraib interrogation video-file. (Contains scenes that most decent human beings may find offensive)

12:00-05:00 GMT: Big Brother. Live coverage of EVERYTHING!

Malor (profile) says:

Right, so what this boils down to is, “We can target anyone we like, but we’re very limited in what we can keep: only things we find interesting.”

Possible evidence of a crime is basically almost everything you ever say or do, since there are so many laws that we don’t even know about, including secret laws that we are not allowed to know.

The only reason to archive this stuff is so that, if you become annoying later, particularly if you start campaigning against, say, unlimited spying by government, they can discredit or destroy you.

Anonymous Coward says:

why not look at this stuff sensibly? the US supposedly isn’t spying on its own citizens, only on ‘foreigners’. i am assuming then, for example, that means UK citizens are fair game. the UK is supposedly not spying on its own citizens, only on ‘foreigners’. i am assuming then, for example, that means USA citizens are fair game. so, if the UK spies on USA citizens and the USA spies on UK citizens, then the two countries exchange data, both are then, for all intents and purposes, doing what they should be and only spying on ‘foreigners’. however, both countries are still getting all the information they want on everyone, whether foreign or domestic and no one is any safer than they were before, we have still lost all privacy and most of our freedom. now add in whatever other countries that want to be in on this and you have a complete network where no law enforcement agency has, officially, done anything wrong but all information on everyone, in whatever country they may be in is collected! don’t take a brain surgeon to work out a scheme like this!!

Uriel-238 (profile) says:

Once they get a Quantum computer

…then current encryption methods are toast in that factoring huge numbers becomes quick.

Yeah, the inadvertently acquired communications rule pretty much says if you collect and read first before checking whether you’re allowed to collect and read, well that’s okay, then.

And NSA agents thus have no reason to check that they need to collect or read before they start. So we have total circumvention of 4th amendment protections.

Shoot first. Interrogate survivors.

GMacGuffin says:

Preserve "foreign intelligence information" contained within attorney-client communications

Well that’s comforting. A main point of attorney/client privilege is so the client is comfortable telling the attorney everything; as all the facts allow the attorney to best represent his client. I have non-US clients, and talk to plenty of potential clients outside the US. Does my talking to them open the door to the NSA? For drafting a website Terms of Use? Shitboyhowdy! Talk about chilling effects.

Because the NSA can’t know to preserve “foreign intelligence information” contained within attorney-client communications unless it has read the privileged communications already.

I’m not sure whether to become a hermit, or to go all activist guns-a-blazing over this. (That’s a metaphor you knee-jerk reactionary govt. fucks.)

Anonymous Coward says:

Why, oh why

is there no adversary in this court? While not as good as a non-secret court, it would be nice to appoint a team whose job it is to oppose any FISA court petition. Someone empowered to make appeals to the Supreme Court or Congress (the entire congress) when the FISA court tries to test new boundaries.

art guerrilla (profile) says:

Re: Why, oh why

on point: russ tice in boiling frogs interview points out that he HAD IN HIS HANDS the paperwork where various FISA judges were wiretapped…

wonder why…

i’m sure none of our masters of the universe would point out this factoid to them when an especially egregious violation was being pushed through…

and next week i get a rainbow-colored unicorn ! ! !

art guerrilla
aka ann archy
eof

Dubious1 (profile) says:

NSA Violations

It’s scary also because they seem to be able to side-step Congress and the Senate’s questions and do whatever they want. What is Congress going to do about this, call someone up there again for questioning and be told even more lies? The NSA seems to be the most powerful agency in the country…more so than the CIA, the FBI, the Justice Department, Homeland Security, on and on. Their spy center with yottabyte capabilities in Bluffdale, UT is going online this fall, how much will their capabilities increase at that time?

btr1701 (profile) says:

Re: NSA Violations

The NSA seems to be the most powerful agency
in the country…more so than the CIA, the FBI,
the Justice Department, Homeland Security, on and on.

Congress is always the ultimate authority because Congress controls the money. You think those data centers are cheap? If Congress turns off the tap, it won’t be long before NSA can’t pay the bills to keep all their fancy toys running.

Mr. Applegate says:

Re: Re: NSA Violations

“Congress is always the ultimate authority because Congress controls the money. You think those data centers are cheap? If Congress turns off the tap, it won’t be long before NSA can’t pay the bills to keep all their fancy toys running.”

Do you really think congress has any idea where the money is really being spent. You don’t honestly believe the government spends $800 for a hammer do you?

DOD, we need money to buy .

Congress says here is $$$B toward your goal.

DOD does a little fancy accounting and $$B gets pumped through to the NSA and $B gets spent on .

NSA has cash and congress knows nothing about it.

DOD presses the “That was Easy” button and repeats.

Mr. Applegate says:

Re: Re: Re:2 NSA Violations

Nothing to do with Independence day. The point is that the DOD can and does routinely spend money for things OTHER than what are budgeted.

What would likely happen is that would get worse if the congress decided to ‘take away’ the NSA budget. There is no one in congress that will properly oversee the DOD, and you really can’t it is just too big to track every penny.

The budget for the DOD for 2014 is proposed to be between $512B and $516B dollars. No one would even question where $10M or $20M of that went, it is less than .5% of the budget. Do you really think the DOD can’t make $10 or 12 Million (Or far more) get funneled to the NSA (or a similar program)?

Zeissmann (profile) says:

Encryption

What I find exceptionally crazy about this one is that NSA can “retain and make use of “inadvertently acquired” domestic communications if they (…) are encrypted”. Think about it for a moment. According to the FISA “court” the mere attempt at exercising your basic constitutional right to privacy makes you suspicious and therefore not eligible to privacy. Talk about circular reasoning.

Anonymous Coward says:

Well, now we know how to overwhelm the system: everyone append long random strings of the characters used in base64 encoding (randomly ending in 0, 1 or 2 equal signs) to all messages, and bursts of digital noise to cell phone calls.

The NSA will interpret them as encrypted messages and retain them thus wasting storage space and giving a hopeless task should they ever decide to try to decrypt them.
