The NSA's 'Time Machines' Make It Incredibly Easy To Violate Section 702 Restrictions

from the collect-all-the-things! dept

Marcy Wheeler has a fascinating post about NSA collection activities under Section 702 and Executive Order 12333. The rules governing the collections allow the NSA to gather communications when a targeted foreigner leaves the country, but are supposed to cease when this target returns to the United States. It’s something that’s easier said than done, even when the NSA engages in good faith efforts to abide by these restrictions.

As Wheeler points out, the collection efforts don’t always comply with these rules, and the way they’re constructed allows the NSA to collect communications and other data it shouldn’t have access to. First, this is how they’re supposed to work:

The short version is that FISA imposes some restrictions on whether you can collect data at rest to obtain data from outside the period of a FISA order. Thus, if you’re not supposed to collect on someone when they’re in the US (whether that person is a US person or a foreigner), there are classified restrictions about whether you can collect stored data from that period.

None of these rules are (as far as I’m aware) public, but there are rules for all the various laws. In other words, you’re not supposed to be able to collect GMail on a foreigner while they’re in the US, but you’re also not supposed to be able to cheat and just get the same Gmail as soon as they leave the country.

When a US person is targeted, violations are even more likely. Again, the NSA can collect data and communications created when this person is located overseas, but is not supposed to have access to anything created while the person was in the United States. But it doesn’t always do this, thanks in part to how it conducts its FISA searches.

This is even more complex for Americans. Domestically, there are two kinds of collection: 1805, which is the collection of data in motion — an old fashioned wiretap, and 1824, which is called a “physical search” order. The government likes to hide the fact that the collection of data at rest is accomplished with an 1824 physical search order, not 1805. So an 1824 order might be used to search a closet, or it might be used to image someone’s hard drive. Most often, 1805 and 1824 get combined, but not always (the FISC released a breakdown for these last year).

So, when this target travels overseas, the person data can be collected. While it’s restricted to the time period the person is out of the country — and further restricted by the period covered by the FISA order — the NSA’s collection programs, which include implants on devices, continue to gather data in motion while the collection is supposedly forbidden. This is stored by the NSA, accessible at any time.

Data at rest is an even bigger problem. This often comes from device imaging or exfiltration via hacking. Data at rest can come from any time period, including months or years before the person became an NSA target. This is the end result of the NSA’s multiple collection authorities and its harvesting tactics.

Effectively, once someone leaves the country the NSA has access to time machines to collect data from the past, though there are supposed to be limits on doing this.


[B]ecause of the differing rules on data in motion and data at rest — and because of the truly awesome methods used as soon as someone goes overseas — there are actually a lot of ways that NSA can get around the legal limitations based on space by playing with the limitations on time.

As Wheeler notes, it’s a problem for the NSA, even when it engages in good faith collection efforts. Segregation of data is an ongoing issue, one highlighted by its recent abandonment of its “about” email collection. Most of the legal authorities used are seldom discussed because they remain shrouded in official secrecy, so there’s no telling how often violations occur. But the NSA’s data-harvesting “time machines” clearly violate guidelines and are yet another reason no one should be in a hurry to grant a clean reauthorization of Section 702 at the end of this year.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “The NSA's 'Time Machines' Make It Incredibly Easy To Violate Section 702 Restrictions”

Subscribe: RSS Leave a comment
Yes, I know I'm commenting anonymously says:

a simpler time machine

How complicated.
does anyone remember that data left on a server for 180 days counts as `abandoned’ and no longer is subject to privacy protections? Hint:
the NSA only needs to leave data on its servers for 180 days to get unlimited access to it, under this reasoning.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...