Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Fwd: Schrodinger’s Catnip: Questions & Answers on NSA Data Collection

Gregory Foster gfoster at entersection.org
Thu Jun 13 21:52:09 PDT 2013


Thank you for forwarding this, Yosem.

For reference, here's the article online:
http://www.raschcyber.com/1/post/2013/06/schrodingers-cat-nip.html

The blog byline credits Mark Rasch and Sophia N. Hannah - and suggests 
that the authors are working on an analysis of PRISM, which I hope will 
also be forwarded to LibTech upon release.

FYI, I've taken the liberty of replacing the original text forwarded to 
the list with a copy of the online text because the original character 
encoding introduced artifacts which made subsequent forwards hard to 
read.  It also looks like there may have been subsequent edits.

Thanks to the authors for this helpful analysis -
gf


-------- Original Message --------
Subject: 	[liberationtech] Schrodinger’s Catnip: Questions & Answers on 
NSA Data Collection
Date: 	Thu, 13 Jun 2013 20:09:23 -0700 (PDT)
From: 	Yosem Companys <companys at stanford.edu>
Reply-To: 	liberationtech <liberationtech at lists.stanford.edu>
To: 	Liberation Technologies <liberationtech at lists.stanford.edu>
CC: 	Mark Rasch <mdrasch at AOL.COM>



From: Mark Rasch <mdrasch at AOL.COM>

Schrodinger'€™s Catnip

DISCLAIMER: I know nothing about the NSA surveillance programs other
than what I read in the papers.  Thus, my legal analysis of the
program may be completely wrong, since they are highly fact dependent.

The NSA programs to retrieve and analyze telephone metadata and internet
communications and files (the former I will call the telephony program, the
latter codenamed PRISM) are at one and the same time narrow and potentially
reasonably designed programs aimed at obtaining potentially useful information
within the scope of the authority granted by Congress.  They are, at one and the
same time perfectly legal and grossly unconstitutional.  It’s not that I am of
two opinions about these programs.  It is that the character of these programs
are such that they have both characteristics at the same time.  Like
Schrodinger’s cat, they are both alive and dead at the same time – and a further
examination destroys the experiment.

Let’s look at the telephony program first.  Telephone companies, in addition to
providing services, collect a host of information about the customer including
their name, address, billing and payment information (including payment method,
payment history, etc.).  When the telephone service is used, the phone company
collects records of when, where and how it was used – calls made (or attempted),
received, telephone numbers, duration of calls, time of day of calls, location
of the phones from which the calls were made,  and other information you might
find on your telephone bill.  In addition, the phone company may collect certain
technical information – for example, if you use a cell phone, the location of
the cell from which the call was made, and the signal strength to that cell
tower or others.  From this signal strength, the phone company can tell
reasonably precisely where the caller is physically located (whether they are
using the phone or not) even if the phone does not have GPS.  In fact, that is
one of the ways that the Enhanced 911 service can locate callers.

The phone company creates these records for its own business purposes.  It used to
collect this primarily for billing, but with unlimited landline calling, that
need has diminished.  However, the phone companies still collect this data to do
network engineering, load balancing and other purposes.  They have data
retention and destruction policies which may keep the data for as short as a few
days, or as long as several years, depending on the data.  Similar “metadata” or
non-content information is collected about other uses of the telephone networks,
including SMS message headers and routing information.

Continuing with the Schrödinger analogy, the law says that this is private
personalinformation, which the consumer does not own and for which the consumer
has no expectation of privacy.  Is that clear?  Federal law http://www.law.cornell.edu/uscode/text/47/222calls this telephone metadata “Consumer Proprietary Network Information” or CPNI. 47 U.S.C. 222 (c)(1) provides that:

Except as required by law or with the approval of the customer, a telecommunications
carrier that receives or obtains customer proprietary network information by
virtue of its provision of a telecommunications service shall only use,
disclose, or permit access to individually identifiable customer proprietary
network information in its provision of (A) the telecommunications service from
which such information is derived, or (B) services necessary to, or used in, the
provision of such telecommunications service, including the publishing of
directories.

Surprisingly, the exceptions to this prohibition do not include a specific “law enforcement”or
“authorized intelligence activity” exception.  Thus, if the disclosure of
consumer CPNI to the NSA under the telephony program is “required by law” then
the phone company can do it.  If not, it can’t.  But wait, there’s more.

At the same time that the law says that consumer’s telephone metadata is private,
it also says that consumers have no expectation of privacy in that data.  In a
landmark 1979  decision, http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=us&vol=442&invol=735 the United States Supreme Court held that the government could use a simple subpoena (rather than a search warrant) to obtain the telephone billing records of a
consumer.  See, these aren’t the consumer’s records.  They are the phone
company’s records.  The Court noted, “we doubt that people in general
entertain any actual expectation of privacy in the numbers they dial. All
telephone users realize that they must "convey" phone numbers to the telephone
company, since it is through telephone company switching equipment that their
calls are completed. All subscribers realize, moreover, that the phone company
has facilities for making permanent records of the numbers they dial, for they
see a list of their long-distance (toll) calls on their monthly bills.”
The court went on, “even if petitioner did harbor some subjective
expectation that the phone numbers he dialed would remain private, this
expectation is not "one that society is prepared to recognize as
`reasonable.'”  By trusting the phone company with the records of the
call, consumers “assume the risk” that the third party will disclose it.  The
Court explained, “petitioner voluntarily conveyed to it information that it had
facilities for recording and that it was free to record. In these circumstances,
petitioner assumed the risk that the information would be divulged to
police.”


This dichotomy is not surprising.  The Supreme Court held that, as a matter of
Constitutional law, any time you trust a third party, you run the risk that the
information will be divulged.  Prosecutors and litigants subpoena third party
information all the time –your phone bills, your medical records, credit card
receipts, bank records, surveillance camera data, and records from your mechanic
– just about anything.  These are not your records, so you can’t complain.  At
the same time, Congress was concerned with phone company’s use of CPNI for
marketing purposes without consumer consent, so they imposed statutory
restrictions on the disclosure or use of CPNI unless “required by law.”

Enter the NSA.

There is little doubt that telephony metadata can be useful in foreign intelligence
and terrorism cases.  Hell, it can be useful in any criminal investigation, or
for that matter civil or administrative case.  But if the CIA obtains the phone
records of, say Abu Nazir (for Homeland fans), and spots a phone number he has
called, they, through the NSA want to be able to find out information about that
phone call, and who that person called.  The NSA wants this data for precisely
the same reason that it is legally protected – phone metadata reveals patterns
which can show relationships between people, and help determine who is
associated with whom and for what purpose.  Metadata and link analysis can help
distinguish between a call to mom, a call to a colleague, and a call to a
terrorist cell.  Context can reveal content – or at least create a strong
inference of content.  So, in appropriate cases involving terrorism, national
security or intelligence involving non-US persons, the NSA should have this
data.  And indeed, they always have.  None of that is new.


If the NSA captured a phone number, say 876-5309, they could demand the records
relating to that call from the phone company through an order issued by a
special super-secret court called FISC.  The order could say “give the NSA all
the records of phone usage of 867-5309 as well as the records of the numbers
that they called.”  Problem is, that is unwieldy, time consuming, requires a new
court order with each query, and in many ways overproduces records.  Remember,
not only are these terrorism and national security investigations, but the
target is a non-US person, usually (but not always) located outside the United
States.

The Fourth Amendment Provides:

The right of the people to be secure in their persons, houses, papers, and effects,
against unreasonable searches and seizures, shall not be violated, and no
warrants shall issue, but upon probable cause, supported by oath or affirmation,
and particularly describing the place to be searched, and the persons or things
to be seized.

Read that carefully.  You would think that it requires a warrant to search, right?
Wrong.  Actually, Courts interpret the comma after the word “violated” as a
semi-colon (who says grammar doesn’t matter?) “The people” which includes but is
not limited to U.S. citizens, have a right to be secure against unreasonable
searches and seizures (more on the “and”in a minute). Also, warrants have to be
issued by neutral magistrates and must specify what is to be seized.  So no
warrant is needed if the search is “reasonable.”  In fact, the vast majority of
“searches and seizures” in America are conducted without a warrant.  People are
searched at airports and borders.  No warrant.  They are patted down on the
streets and in their cars.  No warrant.  Cops look into their car windows,
follow them around, and capture video of them without a warrant.  Police
airplanes, helicopters (and soon drones) capture images of people in their back
yards or porches.  No warrant.  Dogs can sniff for drugs, bombs or contraband.
No warrant.  And people give consent to search without a warrant all the time.
When the police searched the boat for the fugitive Boston bomber, they needed no
warrant because of exigent circumstances (and perhaps because the boat’s owner
consented).  Warrantless searches can be “reasonable” and can pass
constitutional muster.


That’s one reason Congress created the FISC.  For law enforcement purposes (to catch
criminals) the government can get a grand jury subpoena, a search warrant, a
“trap and trace” order, a “pen register” order, a Title III wiretap order, or
other orders if they can show (depending on the information sought) probable
cause or some relevance to the criminal investigation.  But for intelligence
gathering purposes, the NSA can’t really show “probable cause” to believe that
there’s a crime, because often there is not.  It’s intelligence gathering.  So
the Foreign Intelligence Surveillance Act (FISA) created a special secret court
to allow the intelligence community to do what the law enforcement community
could already do – get information under a court order, but instead of showing
that a crime was committed, they had to show that the information related to
foreign intelligence.  After September 11, Congress added terrorism as well.  When
Congress amended FISA, it allowed the FISA court (FISC) to authorize orders for
the production of “books records or other documents”   Section 215 of the USA
PATRIOT Act http://www.law.cornell.edu/uscode/text/50/1861
   allowed the FBI to apply for an order to produce materials that assist in an
investigation undertaken to protect against international terrorism or
clandestine intelligence activities. The act specifically gives an example to
clarify what it means by "tangible things": it includes "books, records, papers,
documents, and other items".  Telephone metadata fits within this
description.

The NSA Telephony Program (As we know it)

So the NSA has the authority to seek and obtain (through the FBI and FISC)
telephone metadata.  It also has a legitimate need to do so.  But that’s not
exactly what they did here.

Instead of getting the records they needed, the NSA decided that it would get ALL the
records of ALL calls made or received (non-content information) about EVERYONE,
at least from Verizon, and most likely from all providers.  The demand was
updated daily, so every call record was dumped by the phone companies onto a
massive database operated by the NSA.

Now this is bad.  And good.  The good part is that, by collecting metadata from all
of the phone companies, the NSA could “normalize”and cross reference the data.
A single authorized search of the database could find records from Verizon,
AT&T, Sprint, T-Mobile, and possibly Orange, British Telecom, who knows?
Rather than having to have the FISC issue an order to Verizon for a phone
record, and then after that is examined, another order to AT&T, by having
the data all in one place, “pingable” by the NSA, a singly query can find all of
the records related to that query.  So if the FISC authorizes a search for Abu
Nazir’s phone records, this process allows the NSA to actually get them.  Also,
the NSA doesn’t have to provide a court order (which itself would reveal
classified information about who they were looking at) to some functionary at
Verizon or AT&T (even if that functionary had a security clearance).  And
Verizon’s database would not have a record of what FISC authorized searches the
NSA conducted – information which itself is highly classified.

Just because the NSA had all of the records does not mean that it looked at them all.
In fact, the NSA and FBI established a protocol, which was apparently approved
by the FISC that restricted how and when they could ping this massive database.
So the mere physical transfer of the metadata database from the phone companies
to the NSA doesn’t impinge privacy unless and until the NSA makes a query, and
these queries are all authorized by the FISC and are lawful.  So what’s the big
deal?  It’s all good, man.

General Warrant

Not so fast Mr. Schrodinger.  There are two HUGE legal problems with this program.
Undoubtedly, the USA PATRIOT Act authorizes the FISC to order production of
“tangible things” and these records are “tangible things.”  But the law does not
authorize what are called “general warrants.”  A general warrant is a warrant
that either fails to specify the items to be searched for or seized, fails to do
so with particularity, or is so broad or vague as to permit the person seizing
the items almost unfettered discretion in what to take.  A warrant which
permitted seizure of “all evidence of crimes” or “all evidence of gang activity”
http://www.law.cornell.edu/supremecourt/text/10-704would
be an unconstitutional general warrant. It’s important to note that the warrant
is “legal” in the sense that it was for information relevant to a crime (or, say
terrorism), that the obtaining of the warrant was authorized by law, that a
court issued the warrant, and that the proper procedures were followed.  But the
warrant is unconstitutional and so is the search and seizure.  This is
particularly true where the warrant seeks information that relates to First
Amdendment protected activities like what books we are reading, and with whom we
are associating. So when Texas authorized the search and seizure of records
relating to “communist activities”(the ism before terrorism) and a cops got a
warrant to take such books and records, the Supreme Court had no problem finding
that the warrant was an unconstitutional“general warrant.”http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=case&court=us&vol=379&invol=476

Even though the FISC warrant to Verizon specified exactly what was to be seized
(“everything”)it was undoubtedly a general warrant.  Remember, the Fourth
Amendment prohibits unreasonable “searches” AND “seizures.”  A warrant
authorizing seizure of all records of millions of people who did nothing wrong,
particularly when it is designed to figure out their associations is about as
general as you can get.  And that is assuming that the searches, or pinging to
the database, which happen later are reasonable.

What’s more, by taking custody of all of these records, the NSA abrogates the document
retention and destruction policies of all of the phone companies.  We can assume
that the NSA keeps these records indefinitely.  So long after Verizon decides it
doesn’t need to know what cell tower you pinged on July 4, 2005 at 6:15.22 PM
EST, the NSA will retain this record.  That’s a problem for the NSA because now,
instead of subpoenaing Verizon for these records (especially in a criminal case
where the defendant has a constitutional right to the records if relevant to a
defense), the NSA (or FBI who obtained the records for the NSA) can expect to
get a subpoena for the records.  While the NSA and FBI would undoubtedly claim
that the program is classified, clearly my own phone records are not classified.

A federal law called the Classified Information Procedures Act provides a
mechanism to obtain unclassified versions of classified data.  So if you were
charged with a crime by the FBI, and the same FBI had records (in this database)
that indicated that you did not commit the crime, they would have to search the
database and produce the records. http://supreme.justia.com/cases/federal/us/373/83/case.html
And when Verizon tells you that the records are gone, well… it aint true
anymore.

But wait, there’s more.  Even if the “seizure” is a general warrant, the government
would argue that it is “reasonable” because it is necessary to effectuate the
NSA’s function of protecting national security, and its impact on privacy is
minimal because the database isn’t “pinged” without court approval.  The
“collection” of data about tens of millions of Americans doesn’t affect their
privacy especially when the Supreme Court said that they have no privacy rights
in this data, and it doesn’t even belong to them. (Even though the Director of
National Intelligence testified in March that the NSA did not “collect” any data
on millions of Americans).  Besides, the NSA would argue, there is no other way
for the government to do this.

What does theNSA Do with the Records?

Here’s where there is an unknown.  At present, we do not know what the NSA does with
the telephone metadata database.  Do they simply query it – e.g., give me all
the records of calls made by Abu Nazir; or do they preform data mining, link
analysis, and pattern analysis on the database in order to identify potential
Abu Nazir’s?  If the latter, then the NSA is clearly searching records of
millions of Americans.  If the former, it is still troubling for a few
reasons.

Six Degrees of Separation

First, the NSA’s authority revolves around non-US persons.  While there may be
“inadvertent” collection on U.S. persons, the target of the surveillance must be
a non-US person in order for the program to be legal.  According to the leaked
documents, the NSA took a very liberal interpretation of what this means.
First, they determined that as long as there was a 51% chance that the target
was a non-US person, the NSA was entitled to obtain records.  Second, they may –
and I stress may – have interpreted their authority as providing that, if the
target of the investigation was foreign (again 51% chance) then they could
obtain records related to calls between two US persons wholly in the US.
Finally, they apparently deployed a “two degrees of separation” test.  If Abu
Nazir (51% foreign) called John Smith’s telephone number, the NSA could look at
who Smith (100% US) called within the US (first degree of separation).  If Smith
called Jones, the NSA could then look at Jones’ call records (second degree of
separation.)  At this point, even if the pinging of the database is authorized
by the FISC, we are a long way from Abu Nazir.  Toto, I’m afraid we ARE in
Kansas.

Writs of Assistance

OK, but what’s the big deal?  The seizure of the database is authorized by FISC,
under a statute approved by Congress, with Congressional knowledge and oversight
(maybe), and under strict control by both the NSA, the FBI and DOJ.  Every
search of the database is approved by the super-secret court, right?

Not so fast, Kemo Sabe.

It is highly unlikely that the FISC approves every database search.  More likely is
that the FBI and NSA have established protocols and procedures designed to
ensure that the searches are within their jurisdiction, are designed to find
information about terrorism and foreign intelligence, that the targets are (51%)
foreign, and that there is a minimization procedure.  These protocols –rather
than the individual searches themselves – are what are approved by the FISC.
The NSA then most likely reports back to the FISC (through the DOJ) about
whether there was an “inadvertent disclosure” of information not related to
these objectives.  So the court most likely does not approve every
search.

And that’s another problem.

You see, each “search”of the database is – well – a search.  That search must be
supported by probable cause (in a criminal case to believe that there’s a crime,
in a FISA case, espionage, foreign intelligence or terrorism) and must be
approved by a court.  Each search.  Not the process.

We have been down this road before.  In fact, this is precisely what lead to the
American Revolution in general and the Fourth Amendment in particular.  When the
British Parliament issued the Navigation Acts imposing tariffs on goods imported
into America, many colonists refused to pay them (as Boston lawyer James Otis
noted, “taxation without representation is tyranny”)  So Parliament authorized
King George II to issue what are called “writs of assistance.”  This writ,
issued by a Court, authorized the executive branch (a customhouse officer with
the assistance of the sheriff) to search colonists houses for unlawfully
smuggled items.  These writs did not specify what the sheriff could search for
or seize, or where he could look.  They did specify what he could look for.
Like the NSA program, the court approved what could be done, the executive had
discretion in how to do it.  When George II was succeeded by George III (the
writs expiring with the death of the King) Parliament reauthorized them under
the hated Townsend Acts.  James Otis urged resistance, and it was the use of
these unspecific writs authorizing searches that galvanized public opinion (and
that of John Adams in particular) to urge revolution.  It is why the Fourth
Amendment demanded that a search warrant specify based on probable cause, the
specific place to be searched and item to be seized.  It’s also why writs of
assistance are prohibited in the constitution.

The NSA FISC approved searches would be like a judge in Los Angeles issuing a search
warrant to the LAPD which said, “you may search any house as long as you smell
marijuana in that house.”  While the search may be reasonable, and indeed, if
the LAPD had applied for a warrant to search a house after they smelled
marijuana a court probably would have issued the warrant, the broad blanket
approval of these searches would be more akin to a wit of assistance.
  
So the NSA digital telephony program, while legal in the sense that it was approved
by both Congress and the Foreign Intelligence Surveillance Court, has some
serious Constitutional problems.

Telephone Company Liability?

The phone companies could be on the hook for participating in the program, even
though they both have immunity and had no choice but to participate.  In fact,
they could not legally have even disclosed the program.  In the FISA amendments,
Congress expressly gave the phone companies immunity for making “good faith”
disclosures of information pursuant to Section 215. http://www.law.cornell.edu/uscode/text/50/1861
So why would the phone company be in trouble?

The problem is the “good faith” part.

In 2012 the Supreme Court looked at the question of when someone (cops in that
case) should have immunity for a good faith search pursuant to an
unconstitutional warrant.  http://www.law.cornell.edu/supremecourt/text/10-704
   The cops got a warrant for all records of “gang related activity” and all guns
in a particular house.  The court agreed that the warrant was overbroad,
unconstitutional, and should not have been issued.  The question was whether the
cops, who executed the warrant, should have immunity from civil liability
because they acted in “good faith.”  The Supreme Court noted that the fact that
they got a warrant at all was one indication that they acted in good faith, but
that, “the fact that a neutral magistrate has issued a warrant authorizing
the allegedly unconstitutional search or seizure does not end the inquiry into
objective reasonableness. Rather, we have recognized an exception allowing suit
when “it is obvious that no reasonably competent officer would have concluded
that a warrant should issue.”  In other words, the cops are
generally permitted to rely on the fact that a court issued a search warrant,
unless the warrant itself (or the means by which it is procured) is so obviously
unconstitutional, overbroad, general or otherwise prohibited that you cannot, in
good faith rely on it.  While the court found that the cops had immunity because
the warrant was not so overbroad to lead to the inevitable conclusion that it
was unconstitutional, it is hard to make that same argument where the FISA
warrant essentially asked for every record of the phone company.  Hard to
imagine a broader warrant.  Justice Kagan pointed out that it’s not illegal to
be a member of a gang, and that a warrant that authorized seizure of evidence of
gang membership per se called for associational records which were protected.
Much like the phone logs here.  Justices Sotomayor and Ginsburg went further
noting,

The fundamental purpose of the Fourth Amendment’s warrant clause is “to protect against all general
searches.” Go-Bart Importing Co. v. United States, 282 U. S.
344, 357 (1931) . The Fourth Amendment was adopted specifically in response to
the Crown’s practice of using general warrants and writs of assistance to search
“suspected places” for evidence of smuggling, libel, or other crimes. Boyd v.
United States, 116 U. S. 616–626 (1886). Early patriots railed against these practices as
“the worst instrument of arbitrary power” and John Adams later claimed that “the
child Independence was born” from colonists’opposition to their use. Id., at 625
(internal quotation marks omitted).

To prevent the issue of general warrants on “loose, vague or doubtful bases of
fact,” Go-Bart Importing Co., 282 U. S., at 357, the Framers established the
inviolable principle that should resolve this case: “no Warrants shall issue,
but upon probable cause . . . and particularly describing the . . . things to be
seized.” U. S. Const., Amdt. 4. That is, the police must articulate an adequate
reason to search for specific items related to specific crimes.


They found that the search by the police without probable cause was unreasonable even
though there was both judicial and executive oversight, and that therefore there
should be no immunity because the actions were not in “good faith.”  The phone
companies run that risk here.

Next article… The Prism!






More information about the liberationtech mailing list