Appeals Court Revives Wikimedia's Lawsuit Against The NSA

from the doesn't-'collect-it-all'-mean-'collect-it-all?' dept

Back in 2015, Wikimedia's lawsuit against the NSA -- filed with several other plaintiffs and with the help of the ACLU -- was tossed out by the district court. Wikimedia argued it was illegally the subject of NSA upstream surveillance, thanks to the nature of this Section 702 collection. Wikimedia's reach is global, making it highly likely the NSA was gathering its content and communications while snagging data off internet backbones.

To further demonstrate the probability of this happening, Wikipedia submitted leaked Snowden documents, including an NSA presentation slide that contained Wikimedia's logo.

>

No dice. The district court said Wikimedia had no standing to pursue these claims, even with the unexpected buttress of leaked NSA documents. The court went even further, disabusing Wikipedia of its "99.9999999999% certainty" notion that the NSA had illegally harvested at least one of its trillions of internet transactions. In all, it was a very ugly day for Wikimedia and its lawsuit.

Fortunately, for Wikimedia, its lawsuit has been revived on appeal. The Fourth Circuit Appeals Court is far more amenable to Wikimedia's claims, finding them to be more credible than the lower court determined. From the opinion [PDF]:

[A]t least at this stage of the litigation, Wikimedia has standing to sue for a violation of the Fourth Amendment. And, because Wikimedia has self-censored its speech and sometimes forgone electronic communications in response to Upstream surveillance, it also has standing to sue for a violation of the First Amendment.

The court doesn't necessarily treat all of Wikimedia's allegations as true, but finds it has handed over enough background evidence to give it standing to pursue its First and Fourth Amendment claims.

But this revival is limited to Wikimedia and only some of its claims. The seven other plaintiffs aren't invited to the next district court round. A lack of produced evidence appears to have killed off the "dragnet" claims raised by the plaintiffs (which includes Wikimedia). The other defendants have a much smaller web footprint, making it less plausible their communications were subjected to upstream collection by the NSA. The only way those claims would be plausible is if the court found the "dragnet" assertions plausible… which it doesn't.

The Dragnet and Wikimedia Allegations share much in common. Because each alleges the same particularized and ongoing cognizable injuries, our analysis of the injury-in-fact, traceability, and redressability elements of Article III standing with respect to the Wikimedia Allegation also applies here. But there’s a key difference in the scope of the two allegations. In the Dragnet Allegation, Plaintiffs must plausibly establish that the NSA is intercepting “substantially all” text-based communications entering and leaving the United States, whereas it’s sufficient for purposes of the Wikimedia Allegation to show that the NSA is conducting Upstream surveillance on a single backbone link. Because Plaintiffs don’t assert enough facts about Upstream’s operational scope to plausibly allege a dragnet, they have no Article III standing.

The difference between the two claims is one of numbers. Wikimedia only had to show its traffic traveled across enough internet backbones to plausibly claim harvesting from any one of them would result in interception of its communications. The "dragnet" argument claims the NSA is harvesting almost everything that travels across multiple backbones. The majority finds this assertion unlikely. The dissent, however, says the same arguments Wikimedia put forth to demonstrate the probability of illegally-intercepted communications lend credence to the "dragnet" argument simply because that's how internet traffic works.

Plaintiffs have plausibly alleged that the NSA surveils most backbone links because — based on the technical rules governing internet communications — the agency cannot know which link the communications it targets will traverse when they enter or leave the United States. The path that packets take along the internet backbone is determined dynamically based on unpredictable conditions. Thus, a communication sent by a surveillance target can enter the United States through one backbone link, but an immediate response returned to the surveillance target can traverse a different backbone link. Similarly, communications sent by a surveillance target at different times or locations can traverse different backbone links. Given this technical limitation, the government’s disclosure that the NSA seeks to “comprehensively acquire communications that are sent to or from its targets,” J.A. 49, renders Plaintiffs’ allegation plausible. If the NSA cannot know which backbone link its targets’ internet communications will traverse, then the only way it can comprehensively acquire its targets’ communications is by surveilling virtually every backbone link.

It's a good point but it's not enough to save the rest of the plaintiffs, which include the National Association of Criminal Defense Lawyers, Human Rights Watch, and Amnesty International. Perhaps a further examination of Wikimedia's arguments by the lower court will aid these plaintiffs in their future legal endeavors.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Hugo Connery (profile), 24 May 2017 @ 5:02am

    NSA competence

    Despite failing to protect developed rabid windows vulnerabilities, the NSA must be assumed to have a very high percentage of border transit electronic surveillance, as per order.

    Ah, the fourth. The issue is the definition of "seizure". For they are not seizing, they are copying! c.f. Utah data center.

    I suggest a copyright infringement charge x 10^100000 ;)

    reply to this | link to this | view in chronology ]

  • identicon
    Machin Shin, 24 May 2017 @ 5:52am

    Beyond stupid

    I still can't believe the courts seem to just shrug things like this off. They are basically saying the government is allowed to violate any laws they want so long as they put a big "classified" stamp across the project. The courts are supposed to be one of the checks and balances. The only way that can work is if they are willing to challenge this kind of bull shit.

    reply to this | link to this | view in chronology ]

  • icon
    takitus (profile), 24 May 2017 @ 6:48am

    Defining “dragnet”

    Plaintiffs have plausibly alleged that the NSA surveils most backbone links…

    The court agrees that Wikimedia is likely to have been surveilled—as the post notes—due to the sheer volume of Wikimedia traffic. This admits implicitly that NSA performed/performs mass data collection, as any Internet service of similar scale could make the same claim.

    But the court performs the following dance to avoid an uncomfortable term:

    In the Dragnet Allegation, Plaintiffs must plausibly establish that the NSA is intercepting “substantially all” text-based communications entering and leaving the United States, whereas it’s sufficient for purposes of the Wikimedia Allegation to show that the NSA is conducting Upstream surveillance on a single backbone link.

    As the dissent seems to notice, this is splitting a hair very finely. The providers of a service successfully argue that it has been snooped on the basis of traffic volume alone, and the court admits that the NSA surveils “most” backbones. Either the judge has a poor understanding of the volume of data that can be collected from a backbone, or he/she has an unusual definition of “dragnet”.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 May 2017 @ 8:20am

      crooked judge

      ^^^ "Either the judge has a poor understanding of the volume of data that can be collected from a backbone, or he/she has an unusual definition of “dragnet"


      ... the 3rd & correct conclusion is that this judge is acting maliciously and illegally in refusing to uphold the 4th Amendment.

      This judge (and all judges) are hired employees of the government and work in formal departments of the government.
      They primarily represent the interests of their employer (the government), especially in direct disputes of private citizens/organizations against "government" agencies.

      Blind trust in government judges & courts is a major error that effectively shields vast amounts of government malfeasance. But most Americans are brainwashed into implicit trust of all courts/judges

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 May 2017 @ 9:07am

    https???

    Umm, don't most sites use httpS now?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 May 2017 @ 9:44am

      Re: https???

      Umm, don't most sites use httpS now?

      Wikipedia will redirect to https now, but according to the NSA's slide it used to be http. Their https setup was weird for a long time; you had to go through a different domain, I think wikimedia.org, so very few people would have been doing it (probably just "HTTPS anywhere" users).

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 May 2017 @ 2:10pm

      Re: https???

      HTTPS or not, NSA is still able to spy on all Internet users.

      reply to this | link to this | view in chronology ]

      • identicon
        Thad, 24 May 2017 @ 3:23pm

        Re: Re: https???

        Yeah, encryption is a good start, but it doesn't protect you against man-in-the-middle attacks, browser vulnerabilities, SSL library vulnerabilities, OS vulnerabilities, router vulnerabilities, sloppy CAs, bribes, vans parked across the street with radiation detectors that can reproduce images on computer monitors, bribes, etc.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 May 2017 @ 1:53am

    Tor?

    Yes, we want all sites to use https (LetsEncrypt anyone?) and for the person visiting the site to use Tor (and run a relay).

    What then? Not "going dark" but "all black" (and thus a concerted attack on Tor).

    Tensions, tensions.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.