Section 702 clause being used by the NSA to spy on our emails & phone calls

May 13, 2014

The most recent disclosure of classified NSA documents revealed that the British spy agency GCHQ sought unfettered access to NSA data collected under Section 702 of the FISA Amendments Act. Not only does this reveal that the two agencies have a far closer relationship than GCHQ would like to publicly admit, it also serves as a reminder that surveillance under Section 702 is a real problem that has barely been discussed, much less addressed, by Congress or the President.

In fact, the "manager’s amendment" to the USA FREEDOM Act, which passed unanimously out of the House Judiciary Committee, has weakened the minimal changes to Section 702 that USA FREEDOM originally offered. Although Representative Zoe Lofgren—who clearly understands the import of Section 702—offered several very good amendments that would have addressed these gaps, her amendments were all voted down. There’s still a chance though—as this bill moves through Congress it can be strengthened by amendments from the floor.

Section 702 has been used by the NSA to justify mass collection of phone calls and emails by collecting huge quantities of data directly from the physical infrastructure of communications providers. Here’s what you should know about the provision and why it needs to be addressed by Congress and the President:

Most of the discussion around the NSA has focused on the phone records surveillance program. Unlike that program, collection done under Section 702 captures content of communications. This could include content in emails, instant messages, Facebook messages, web browsing history, and more.

Even though it’s ostensibly used for foreign targets, Section 702 surveillance sweeps up the communications of Americans. The NSA has a twisted, and incredibly permissive, interpretation of targeting that includes communications about a target, even if the communicating parties are completely innocent. As John Oliver put it in his interview with former NSA General Keith Alexander: "No, the target is not the American people, but it seems that too often you miss the target and hit the person next to them going, 'Whoa, him!'"

The NSA has confirmed that it is searching Section 702 data to access American’s communications without a warrant, in what is being called the "back door search loophole." In response to questions from Senator Ron Wyden, former NSA director General Keith Alexander admitted that the NSA specifically searches Section 702 data using "U.S. person identifiers," for example email addresses associated with someone in the U.S.

The NSA has used Section 702 to justify programs in which the NSA can siphon off large portions of Internet traffic directly from the Internet backbone. These programs exploit the structure of the Internet, in which a significant amount of traffic from around the world flows through servers in the United States. In fact, through Section 702, the NSA has access to information stored by major Internet companies like Facebook and Google.

Section 702 is likely used for computer security operations. Director of National Intelligence James Clapper noted Section 702's use to obtain communications "regarding potential cyber threats" and to prevent "hostile cyber activities." Richard Ledgett, Deputy Director of NSA, noted the use of intelligence authorities to mitigate cyber attacks.

The FISA Court has little opportunity to review Section 702 collection. The court approves procedures for 702 collection for up to a year. This is not approval of specific targets, however; "court review [is] limited to 'procedures' for targeting and minimization rather than the actual seizure and searches." This lack of judicial oversight is far beyond the parameters of criminal justice.

Not only does the FISA Court provide little oversight, Congress is largely in the dark about Section 702 collection as well. NSA spying defenders say that Congress has been briefed on these programs. But other members of Congress have repeatedly noted that it is incredibly difficult to get answers from the intelligence community, and that attending classified hearings means being unable to share any information obtained at such hearings. What’s more, as Senator Barbara Mikulski stated: "'Fully briefed' doesn’t mean that we know what’s going on." Without a full picture of Section 702 surveillance, Congress simply cannot provide oversight.

Section 702 is not just about keeping us safe from terrorism. It’s a distressingly powerful surveillance tool. While the justification we’ve heard repeatedly is that NSA surveillance is keeping us safer, data collected under Section 702 can be shared in a variety of circumstances, such as ordinary criminal investigations. For example, the NSA has shared intelligence with the Drug Enforcement Agency that has led to prosecutions for drug crimes, all while concealing the source of the data.

The President has largely ignored Section 702. While the phone records surveillance program has received significant attention from President Obama, in his speeches and his most recent proposal, Section 702 remains nearly untouched.

The way the NSA uses Section 702 is illegal and unconstitutional—and it violates international human rights law. Unlike searches done under a search warrant authorized by a judge, Section 702 has been used by the NSA to get broad FISA court authorization for general search and seizure of huge swathes of communications. The NSA says this is OK because Section 702 targets foreign citizens. The problem is, once constitutionally protected communications of Americans are swept up, the NSA says these communications are “fair game” for its use.

Innocent non-Americans don't even get the limited and much abused protections the NSA promises for Americans. Under international human rights law to which the United States is a signatory, the United States must respect the rights of all persons. With so many people outside the United States keeping their data with American companies, and so much information being swept up through mass surveillance, that makes Section 702 the loophole for the NSA to violate the privacy rights of billions of Internet users worldwide.

https://www.eff.org/deeplinks/2014/05/way-nsa-uses-section-702-deeply-troubling-heres-why

New email documents reveal close ties between the NSA & companies like Apple, Google & Microsoft: New e-mails obtained under the Freedom of Information Act reveal former NSA Director Keith Alexander's close communication with technology companies regarding emerging cybersecurity threats. The CEOs of Google, Apple, Microsoft, and other technology companies were invited to classified briefings as part of the "Enduring Security Framework," a government initiative focused on sharing "cyber threat information with the private sector." EPIC previously sued the NSA to obtain records about the agency's collaboration with Google on cybersecurity, following the China hack in January 2010. In that case, the NSA refused to confirm or deny the existence of any records responsive to EPIC's request. EPIC had previously urged Google to routinely encrypt cloud-based services.
The NSA tampers with US-made internet routers:

A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers.

The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some "SIGINT tradecraft … is very hands-on (literally!)".

Eventually, the implanted device connects back to the NSA. The report continues: "In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network."
http://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden

Wisconsin & other police depts are using secret devices to spy on everyone's cell phones:

Police in Wisconsin have at least two devices that secretly track cellphone locations in real time to target suspects or missing persons — technology that simultaneously mines data from hundreds or thousands of unsuspecting people nearby.

State Sen. Glenn Grothman, the senate’s lead sponsor of the cellphone tracking bill, said he is disturbed by the capabilities of the Stingray.

“We’re headed to the point where the government knows where you are at any time of the day or night, and we don’t want to be there,” said Grothman, R-West Bend. “The people who push these devices of course will always say that you can trust the government — they will never abuse their power. But a lot of our Constitution is based on the idea that you can’t trust the government with unlimited power.”

The devices — known by the trade name Stingray — raise an array of concerns for privacy advocates because law enforcement officials won’t say how often the device is used, how the data is used or kept, or whether they get a warrant from a judge before using it.

“We have very powerful technology that has very important consequences for our privacy, but we don’t have the kind of transparency necessary to kind of understand what the contours of the issue are,” said Byron Lichstein, an attorney arguing a Wisconsin Supreme Court case over whether a warrant to use a Stingray in Milwaukee was sufficient. “Even if the targeted information is narrow, the amount and private nature of the information that can be collected is pretty striking.”

Law enforcement officials declined interview requests and redacted references to the Stingray in public records requested by the Gannett Wisconsin Media Investigative Team.

Milwaukee Police Department spokesman Lt. Mark Stanmeyer did not return phone calls or emails seeking comment for this story. Harris spokesman Jim Burke declined to answer questions about the Stingray “because of the nature of our customers and the technology.” Harris sells surveillance devices for law enforcement and military use.

However, documents show the devices have been used for years by the Wisconsin Department of Justice and the Milwaukee Police Department. The DOJ device has been in use since at least 2006 and is loaned to federal, state and local agencies for use throughout Wisconsin and neighboring states.

The suitcase-sized Stingray masquerades as a cell tower to trick cellphones into connecting to it. It can show police phones within a mile or more, depending on terrain. Records show the DOJ Stingray cost more than $150,000, and the DOJ and Milwaukee police both purchased upgrade packages that topped $100,000.

A Stingray is not believed to intercept the content of calls or text messages. But it captures location details and, possibly, the numbers with which a given phone is communicating, according to court records and published reports.

“It’s hard to know how all the information is going to be used once it’s collected so that’s why you need limits on what can and can’t be collected,” said Lichstein, a clinical associate professor at the University of Wisconsin Law School.

Police in other states have often used the device without warrants, including more than 200 times in Florida since 2010, according to court testimony. A Minnesota agency said in 2011 warrants aren’t needed because a cell tracking device “does not intercept communication.”
http://www.thenorthwestern.com/article/20140331/OSH0198/303290107/State-cops-can-track-residents-cellphones?nclick_check=1

Seven mass surveillance tools local police are probably using:

1.) Massive wide-area surveillance:

CIR and KQED discovered that the Los Angeles County Sheriff’s Department conducted a two-week experiment that attached cameras to a manned civilian aircraft (not a drone) without telling Compton residents. CIR reporter G.W. Schulz described it as “Google Earth with a rewind button and the ability to play back the movement of cars and people as they scurry about the city.”

2.) Facial recognition software:

Military-grade facial recognition software has landed in San Diego County. Using a tablet, police can take a photo of your face and run it against a database of about 348,000 county arrestees. This pilot program also rolled out without any public hearing or notice.

3.) License plate scanners:

A license-plate reader mounted on a San Leandro Police Department car can log thousands of plates in an eight-hour patrol shift. “It works 100 times better than driving around looking for license plates with our eyes,” says police Lt. Randall Brandt.
While not a new technology, the increasing use of license-plate scanners is raising serious concerns about how that data is stored and who has access to it. One manufacturer, Vigilant Solutions, which also houses a massive private database of plate information, makes law enforcement agencies sign nondisclosure agreements. 4.) Streetlights & ShotSpotter with recording capabilities: In Las Vegas, officials are using ordinary-looking streetlights with many talents. These Intellistreets, as they’re called by designer Illuminating Concepts, run on wireless Internet and can come equipped with add-ons that would allow you to record and shoot video. As of 2013, Las Vegas officials say they are not using these features – they just have the ability to do so. Police are also spying on citizens conversations using ShotSpotter. Click here & here to read more.ShotSpotter is being used by DHS and police to illegally spy on our public conversations! 5.) Behavioral recognition software: During the 2012 Republican National Convention in Tampa, Florida, police used behavioral recognition software to amp up surveillance and security. The software uses camera footage to automate suspicious activity detection. To fight back, Jon Gales created an app to track where the cameras were located. 6.) Stingray: In California, multiple local agencies from the Bay Area to Sacramento have been using stingray technology to track and collect cellphone data in real time with precision. The ACLU describes a stingray as “a device that mimics a cell tower and thereby tricks all wireless devices on the same network into communicating with it.” News10 in Sacramento tried to find out which agencies in particular are using the device – all refused to disclose how they were using it, and some would not comment on whether they have it. 7.) Intelligence analysis software: The Los Angeles Police Department already is using intelligence analysis tools from Palantir, a Silicon Valley-based firm that makes data-mining software and is partially funded by the CIA. The department did not comment on its use of the intelligence program to LA Weekly, but officials explain how they use Palantir on a daily basis in a video testimonial:

http://cironline.org/blog/post/7-mass-surveillance-tools-your-local-police-might-be-using-6327?utm_source=Marketo&utm_medium=Email&utm_campaign=May 08, 2014%20Weekly&mkt_tok=3RkMMJWWfF9wsRonv6zBZKXonjHpfsX57%2B8pWqSg38431UFwdcjKPmjr1YIETsV0aPyQAgobGp5I5FE

The NSA/CIA kills people based on metadata they collect:

Supporters of the National Security Agency inevitably defend its sweeping collection of phone and Internet records on the ground that it is only collecting so-called “metadata”—who you call, when you call, how long you talk. Since this does not include the actual content of the communications, the threat to privacy is said to be negligible. That argument is profoundly misleading.

Of course knowing the content of a call can be crucial to establishing a particular threat. But metadata alone can provide an extremely detailed picture of a person’s most intimate associations and interests, and it’s actually much easier as a technological matter to search huge amounts of metadata than to listen to millions of phone calls. As NSA General Counsel Stewart Baker has said, “metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.” When I quoted Baker at a recent debate at Johns Hopkins University, General Michael Hayden, former director of the NSA and the CIA, called Baker’s comment “absolutely correct,” and raised him one, asserting, “We kill people based on metadata.”

It is precisely this power to collect our metadata that has prompted one of Congress’s most bipartisan initiatives in recent years. On May 7, the House Judiciary Committee voted 32-0 to adopt an amended form of the USA Freedom Act, a bill to rein in NSA spying on Americans, initially proposed by Democratic Senator Patrick Leahy and Republican Congressman James Sensenbrenner. On May 8, the House Intelligence Committee, which has until now opposed any real reform of the NSA, also unanimously approved the same bill. And the Obama administration has welcomed the development.

This is the same Congress that repeatedly reauthorized the 2001 USA Patriot Act, a law that was also proposed by Sensenbrenner and on which the bulk collection of metadata was said to rest—even if many members of Congress were not aware of how the NSA was using (or abusing) it. And this is the same administration that retained the NSA’s data collection program, inherited from its predecessor, as long as it was a secret, and only called for reform when the American people learned from the disclosures of NSA contractor Edward Snowden that the government was routinely collecting phone and Internet records on all of us. So, one might well ask, if Congress and the White House, Republicans and Democrats, liberals and conservatives, all now agree on reform, how meaningful can the reform be?

This is a reasonable question. This compromise bill addresses only one part of the NSA’s surveillance activities, and does not do nearly enough to address the many other privacy-invasive practices that we now know the NSA has undertaken. But it’s nonetheless an important first step, and would introduce several crucial reforms affecting all Americans.

First, and most importantly, it would significantly limit the collection of phone metadata and other “business records.” Until now, the NSA and the Foreign Intelligence Surveillance Court have aggressively interpreted a USA Patriot Act provision that authorized collection of business records “relevant” to a counterterrorism investigation. The NSA convinced the court that because it might be useful in the future to search through anyone’s calling history to see if that person had been in contact with a suspected terrorist, the agency should be able to collect everyone’s records and store them for five years.

The NSA has said it only searched its vast database of our calling records when it had reasonable suspicion that a phone number was connected to terrorism. But it did not have to demonstrate the basis for this suspicion to a judge. Moreover, it was authorized to collect data on all callers one, two, or three steps removed from the suspect number—an authority that can quickly generate more than one million phone numbers of innocent Americans from a single suspect source number. The fact that you may have called someone (say, your aunt) who in turn called someone (say, the Pizza Hut delivery guy) who was in turn once called by a suspected terrorist says nothing about whether you’ve engaged in wrongdoing. But it will land you in the NSA’s database of suspected terrorist contacts.

Under the USA Freedom Act, the NSA would be prohibited from collecting phone and Internet data en masse. Instead, such records would remain with the telephone and Internet companies, and the NSA would only be authorized to approach those companies on an individual, case-by-case basis, and only when it could first satisfy the Foreign Intelligence Surveillance Court that there is reasonable suspicion that a particular person, entity, or account is linked to an international terrorist or a representative of a foreign government or political organization. This is much closer to the specific kind of suspicion that the Fourth Amendment generally requires for intrusions on privacy. At that point, the court could order phone companies to produce phone calling records of all numbers that communicated with the suspect number (the first “hop”), as well as all numbers with which those numbers in turn communicated (the second “hop”).

Further restrictions are necessary. Through these authorized searches the NSA would still be able to collect large amounts of metadata on persons whose only “sin” was that they called or were called by someone who called or was called by a suspected terrorist or foreign agent. At a minimum, “back-end” limits on how the NSA searches its storehouse of phone numbers are still needed. But the bill would at least end the practice of collecting everyone’s calling records.

Second, the new House bill imposes similar limits on other USA Patriot Act provisions that were susceptible to being used, or had been used, to authorize collection of data in bulk. These include a provision empowering the government to obtain information by “national security letters,” a kind of administrative subpoena issued without judicial oversight, and “pen registers,” which intercept Internet and phone trafficking data. All of these powers would now be limited by the same requirement that the government seek case-by-case warrants based on suspicion about a particular person or group. The point is to end bulk collection of data across the board, and return the agency to the more targeted searches and inquiries that US laws have historically deemed reasonable.

Third, the bill would establish a panel of legal experts, appointed by the presiding judges of the Foreign Intelligence Surveillance Court, who would participate in proceedings before the court when it addresses “a novel or significant interpretation of law,” and in any other proceedings at the court’s discretion. They would appear as amicus curiae, or “friends of the court,” but their purpose would be to add an independent assessment of the legal issues involved, ensuring that the court is not hearing only from the government. Such a panel would increase the likelihood that difficult legal issues get a full and fair consideration, and would likely shore up the public legitimacy of the secret court, which as of now is dismissed by many, rightly or wrongly, as a “rubber stamp.”

Finally, the bill contains a number of measures designed to increase transparency and oversight. It would require the attorney general to request the declassification of opinions of the FISA court, permit private Internet and telephone companies to report semiannually on the volume of records they were required to produce, and require the Inspectors General of the Justice Department and the Intelligence Community to report on the numbers of records requested and the effectiveness of the program. Had Verizon been permitted to report, for example, that it was being compelled to turn over hundreds of millions of phone records on its customers to the NSA, and had the Inspector General informed us that the program had stopped not a single terrorist act, it is likely that bulk collection would have been cut short long ago.
http://www.nybooks.com/blogs/nyrblog/2014/may/10/we-kill-people-based-metadata/
http://justsecurity.org/2014/05/10/michael-hayden-kill-people-based-metadata/

Court ruling: Public doesn’t have a right to information on criminal cases involving warrantless cellphone tracking

The public doesn’t have a right to information on criminal cases involving warrantless cellphone tracking if the defendant was acquitted or had their case dismissed, a federal appeals court in Washington ruled Friday.

A divided three-judge panel of the U.S. Court of Appeals for the D.C. Circuit found the defendants’ privacy rights outweighed the public’s interest in understanding the scope of warrantless cellphone tracking by the government. The ACLU sued the DOJ for case names and docket numbers of prosecutions where the government got a court order, but not a warrant, to obtain cellphone data.

The court previously ruled in 2011 that the DOJ was required to turn over information on warrantless tracking in in cases in which a defendant was found guilty. The public’s interest in understanding how law enforcement agencies were using warrantless cellphone tracking outweighed the defendants’ privacy interest, the court said.

The ruling left a handful of cases where warrantless tracking took place but the defendant was acquitted or the charges were dismissed. In its 2011 decision, the D.C. Circuit didn’t decide whether information on those cases should be public. Judge David Tatel, in an opinion joined by Judge Brett Kavanaugh, ruled Friday that the Justice Department overstated the privacy interests of the defendants still at issue by comparing them to individuals who were under investigation but never charged.

The court still found that their privacy rights were much stronger than those found guilty.

“Indeed, the government, having brought the full force of its prosecutorial power to bear against individuals it ultimately failed to prove actually committed crimes, has a special responsibility—a responsibility it is fulfilling here—to protect such individuals from further public scrutiny,” Tatel wrote.

Judge Janice Rogers Brown wrote in dissent that she sympathized with the majority’s “protective instincts,” but disagreed with their conclusion. “Redemption is still possible, but in the modern world, the right to be left alone, once forfeited, is gone for good,” she wrote. “An individual who is indicted and tried has no privacy interest that can protect the public record of prosecution from disclosure—even if the ultimate outcome was acquittal or dismissal.”

Arthur Spitzer, legal director of the American Civil Liberties Union of the Nation’s Capital, argued the case. He said Friday that it was too soon to say if they would ask a full sitting of the court to reconsider. “We think the idea that someone who was publicly indicted by the federal government can somehow keep that information private is just unrealistic in today’s Internet world,” Spitzer said. “We’re mystified at what privacy interest the government thinks it’s protecting.”
http://www.nationallawjournal.com/legaltimes/id=1202654726535/Court+Privacy+Outweighs+Public+Interest+in+Dispute+Over+Cell+Tracking+Records%3Fmcode=0&curindex=0&curpage=2

Politically Incorrect News

Discussion about this post