[liberationtech] Schrodinger’s Catnip: Questions & Answers on NSA Data Collection
LilBambi
lilbambi at gmail.com
Fri Jun 14 12:15:09 PDT 2013
Excellent analysis! Much thanks!
On Thu, Jun 13, 2013 at 11:09 PM, Yosem Companys <companys at stanford.edu> wrote:
> From: Mark Rasch <mdrasch at AOL.COM>
>
> Schrodinger’s Catnip
>
> DISCLAIMER: I know nothing about the NSA surveillance programs other
> than what I read in the papers. Thus, my legal analysis of the
> program may be completely wrong, since they are highly fact dependent.
>
> The NSA programs to retrieve and analyze telephone metadata and
> internet communications and files (the former I will call the
> telephony program, the latter codenamed PRISM) are at one and the same
> time narrow and potentially reasonably designed programs aimed at
> obtaining potentially useful information within the scope of the
> authority granted by Congress. They are, at one and the same time
> perfectly legal and grossly unconstitutional. It’s not that I am of
> two opinions about these programs. It is that the character of these
> programs is such that they have both characteristics at the same
> time. Like Schrodinger’s cat, they are both alive and dead at the
> same time – and a further examination destroys the experiment.
>
> Let’s look at the telephony program first. Telephone companies, in
> addition to providing services, collect a host of information about
> the customer including their name, address, billing and payment
> information (including payment method, payment history, etc.). When
> the telephone service is used, the phone company collects records of
> when, where and how it was used – calls made (or attempted), received,
> telephone numbers, duration of calls, time of day of calls, location
> of the phones from which the calls were made, and other information
> you might find on your telephone bill. In addition, the phone company
> may collect certain technical information – for example, if you use a
> cell phone, the location of the cell from which the call was made, and
> the signal strength to that cell tower or others. From this signal
> strength, the phone company can tell reasonably precisely where the
> caller is physically located (whether they are using the phone or not)
> even if the phone does not have GPS. In fact, that is one of the ways
> that the Enhanced 911 service can locate callers.
>
> The phone company creates these records for its own business purposes.
> It used to collect this primarily for billing, but with unlimited
> landline calling, that need has diminished. However, the phone
> companies still collect this data to do network engineering, load
> balancing and other purposes. They have data retention and
> destruction policies which may keep the data for as short as a few
> days, or as long as several years, depending on the data. Similar
> “metadata” or non-content information is collected about other uses of
> the telephone networks, including SMS message headers and routing
> information.
>
> Continuing with the Schrödinger analogy, the law says that this is
> private personal information, which the consumer does not own and for
> which the consumer has no expectation of privacy. Is that clear?
> Federal law http://www.law.cornell.edu/uscode/text/47/222 calls this
> telephone metadata “Consumer Proprietary Network Information” or CPNI.
> 47 U.S.C. 222 (c)(1) provides that:
>
> Except as required by law or with the approval of the customer, a
> telecommunications carrier that receives or obtains customer
> proprietary network information by virtue of its provision of a
> telecommunications service shall only use, disclose, or permit access
> to individually identifiable customer proprietary network information
> in its provision of (A) the telecommunications service from which such
> information is derived, or (B) services necessary to, or used in, the
> provision of such telecommunications service, including the publishing
> of directories.
>
> Surprisingly, the exceptions to this prohibition do not include a
> specific “law enforcement” or “authorized intelligence activity”
> exception. Thus, if the disclosure of consumer CPNI to the NSA under
> the telephony program is “required by law” then the phone company can
> do it. If not, it can’t. But wait, there’s more.
>
> At the same time that the law says that consumer’s telephone metadata
> is private, it also says that consumers have no expectation of privacy
> in that data. In a landmark 1979 decision,
> http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=us&vol=442&invol=735
> the United States Supreme Court held that the government could use a
> simple subpoena (rather than a search warrant) to obtain the telephone
> billing records of a consumer. See, these aren’t the consumer’s
> records. They are the phone company’s records. The Court noted, “we
> doubt that people in general entertain any actual expectation of
> privacy in the numbers they dial. All telephone users realize that
> they must "convey" phone numbers to the telephone company, since it is
> through telephone company switching equipment that their calls are
> completed. All subscribers realize, moreover, that the phone company
> has facilities for making permanent records of the numbers they dial,
> for they see a list of their long-distance (toll) calls on their
> monthly bills.” The court went on, “even if petitioner did harbor
> some subjective expectation that the phone numbers he dialed would
> remain private, this expectation is not "one that society is prepared
> to recognize as `reasonable.'” By trusting the phone company with the
> records of the call, consumers “assume the risk” that the third party
> will disclose it. The Court explained, “petitioner voluntarily
> conveyed to it information that it had facilities for recording and
> that it was free to record. In these circumstances, petitioner assumed
> the risk that the information would be divulged to police.”
>
> This dichotomy is not surprising. The Supreme Court held that, as a
> matter of Constitutional law, any time you trust a third party, you
> run the risk that the information will be divulged. Prosecutors and
> litigants subpoena third party information all the time – your phone
> bills, your medical records, credit card receipts, bank records,
> surveillance camera data, and records from your mechanic – just about
> anything. These are not your records, so you can’t complain. At the
> same time, Congress was concerned with phone company’s use of CPNI for
> marketing purposes without consumer consent, so they imposed statutory
> restrictions on the disclosure or use of CPNI unless “required by
> law.”
>
> Enter the NSA.
>
> There is little doubt that telephony metadata can be useful in foreign
> intelligence and terrorism cases. Hell, it can be useful in any
> criminal investigation, or for that matter civil or administrative
> case. But if the CIA obtains the phone records of, say Abu Nazir (for
> Homeland fans), and spots a phone number he has called, they, through
> the NSA want to be able to find out information about that phone call,
> and who that person called. The NSA wants this data for precisely the
> same reason that it is legally protected – phone metadata reveals
> patterns which can show relationships between people, and help
> determine who is associated with whom and for what purpose. Metadata
> and link analysis can help distinguish between a call to mom, a call
> to a colleague, and a call to a terrorist cell. Context can reveal
> content – or at least create a strong inference of content. So, in
> appropriate cases involving terrorism, national security or
> intelligence involving non-US persons, the NSA should have this data.
> And indeed, they always have. None of that is new.
>
> If the NSA captured a phone number, say 876-5309, they could demand
> the records relating to that call from the phone company through an
> order issued by a special super-secret court called FISC. The order
> could say “give the NSA all the records of phone usage of 867-5309 as
> well as the records of the numbers that they called.” Problem is,
> that is unwieldy, time consuming, requires a new court order with each
> query, and in many ways overproduces records. Remember, not only are
> these terrorism and national security investigations, but the target
> is a non-US person, usually (but not always) located outside the
> United States.
>
> The Fourth Amendment provides:
>
> The right of the people to be secure in their persons, houses, papers,
> and effects, against unreasonable searches and seizures, shall not be
> violated, and no warrants shall issue, but upon probable cause,
> supported by oath or affirmation, and particularly describing the
> place to be searched, and the persons or things to be seized.
>
> Read that carefully. You would think that it requires a warrant to
> search, right? Wrong. Actually, Courts interpret the comma after the
> word “violated” as a semi-colon (who says grammar doesn’t matter?).
> “The people” which includes but is not limited to U.S. citizens, have
> a right to be secure against unreasonable searches and seizures (more
> on the “and” in a minute). Also, warrants have to be issued by neutral
> magistrates and must specify what is to be seized. So no warrant is
> needed if the search is “reasonable.” In fact, the vast majority of
> “searches and seizures” in America are conducted without a warrant.
> People are searched at airports and borders. No warrant. They are
> patted down on the streets and in their cars. No warrant. Cops look
> into their car windows, follow them around, and capture video of them
> without a warrant. Police airplanes, helicopters (and soon drones)
> capture images of people in their back yards or porches. No warrant.
> Dogs can sniff for drugs, bombs or contraband. No warrant. And
> people give consent to search without a warrant all the time. When
> the police searched the boat for the fugitive Boston bomber, they
> needed no warrant because of exigent circumstances (and perhaps
> because the boat’s owner consented). Warrantless searches can be
> “reasonable” and can pass constitutional muster.
>
> That’s one reason Congress created the FISC. For law enforcement
> purposes (to catch criminals) the government can get a grand jury
> subpoena, a search warrant, a “trap and trace” order, a “pen register”
> order, a Title III wiretap order, or other orders if they can show
> (depending on the information sought) probable cause or some relevance
> to the criminal investigation. But for intelligence gathering
> purposes, the NSA can’t really show “probable cause” to believe that
> there’s a crime, because often there is not. It’s intelligence
> gathering. So the Foreign Intelligence Surveillance Act (FISA)
> created a special secret court to allow the intelligence community to
> do what the law enforcement community could already do – get
> information under a court order, but instead of showing that a crime
> was committed, they had to show that the information related to
> foreign intelligence. After September 11, Congress added terrorism as
> well. When Congress amended FISA, it allowed the FISA court (FISC) to
> authorize orders for the production of “books records or other
> documents.” Section 215 of the USA PATRIOT Act
> http://www.law.cornell.edu/uscode/text/50/1861 allowed the FBI to
> apply for an order to produce materials that assist in an
> investigation undertaken to protect against international terrorism or
> clandestine intelligence activities. The act specifically gives an
> example to clarify what it means by "tangible things": it includes
> "books, records, papers, documents, and other items". Telephone
> metadata fits within this description.
>
> The NSA Telephony Program (As we know it)
>
> So the NSA has the authority to seek and obtain (through the FBI and
> FISC) telephone metadata. It also has a legitimate need to do so.
> But that’s not exactly what they did here.
>
> Instead of getting the records they needed, the NSA decided that it
> would get ALL the records of ALL calls made or received (non-content
> information) about EVERYONE, at least from Verizon, and most likely
> from all providers. The demand was updated daily, so every call
> record was dumped by the phone companies onto a massive database
> operated by the NSA.
>
> Now this is bad. And good. The good part is that, by collecting
> metadata from all of the phone companies, the NSA could “normalize”
> and cross reference the data. A single authorized search of the
> database could find records from Verizon, AT&T, Sprint, T-Mobile, and
> possibly Orange, British Telecom, who knows? Rather than having to
> have the FISC issue an order to Verizon for a phone record, and then
> after that is examined, another order to AT&T, by having the data all
> in one place, “pingable” by the NSA, a single query can find all of
> the records related to that query. So if the FISC authorizes a search
> for Abu Nazir’s phone records, this process allows the NSA to actually
> get them. Also, the NSA doesn’t have to provide a court order (which
> itself would reveal classified information about who they were looking
> at) to some functionary at Verizon or AT&T (even if that functionary
> had a security clearance). And Verizon’s database would not have a
> record of what FISC authorized searches the NSA conducted –
> information which itself is highly classified.
>
> Just because the NSA had all of the records does not mean that it
> looked at them all. In fact, the NSA and FBI established a protocol,
> which was apparently approved by the FISC that restricted how and when
> they could ping this massive database. So the mere physical transfer
> of the metadata database from the phone companies to the NSA doesn’t
> impinge privacy unless and until the NSA makes a query, and these
> queries are all authorized by the FISC and are lawful. So what’s the
> big deal? It’s all good, man.
>
> General Warrant
>
> Not so fast Mr. Schrodinger. There are two HUGE legal problems with
> this program. Undoubtedly, the USA PATRIOT Act authorizes the FISC to
> order production of “tangible things” and these records are “tangible
> things.” But the law does not authorize what are called “general
> warrants.” A general warrant is a warrant that either fails to
> specify the items to be searched for or seized, fails to do so with
> particularity, or is so broad or vague as to permit the person seizing
> the items almost unfettered discretion in what to take. A warrant
> which permitted seizure of “all evidence of crimes” or “all evidence
> of gang activity” http://www.law.cornell.edu/supremecourt/text/10-704
> would be an unconstitutional general warrant. It’s important to note
> that the warrant is “legal” in the sense that it was for information
> relevant to a crime (or, say terrorism), that the obtaining of the
> warrant was authorized by law, that a court issued the warrant, and
> that the proper procedures were followed. But the warrant is
> unconstitutional and so is the search and seizure. This is
> particularly true where the warrant seeks information that relates to
> First Amendment protected activities like what books we are reading,
> and with whom we are associating. So when Texas authorized the search
> and seizure of records relating to “communist activities” (the ism
> before terrorism) and cops got a warrant to take such books and
> records, the Supreme Court had no problem finding that the warrant was
> an unconstitutional “general
> warrant.”
> http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=case&court=us&vol=379&invol=476
>
> Even though the FISC warrant to Verizon specified exactly what was to
> be seized (“everything”) it was undoubtedly a general warrant.
> Remember, the Fourth Amendment prohibits unreasonable “searches” AND
> “seizures.” A warrant authorizing seizure of all records of millions
> of people who did nothing wrong, particularly when it is designed to
> figure out their associations is about as general as you can get. And
> that is assuming that the searches, or pinging to the database, which
> happen later are reasonable.
>
> What’s more, by taking custody of all of these records, the NSA
> abrogates the document retention and destruction policies of all of
> the phone companies. We can assume that the NSA keeps these records
> indefinitely. So long after Verizon decides it doesn’t need to know
> what cell tower you pinged on July 4, 2005 at 6:15.22 PM EST, the NSA
> will retain this record. That’s a problem for the NSA because now,
> instead of subpoenaing Verizon for these records (especially in a
> criminal case where the defendant has a constitutional right to the
> records if relevant to a defense), the NSA (or FBI who obtained the
> records for the NSA) can expect to get a subpoena for the records.
> While the NSA and FBI would undoubtedly claim that the program is
> classified, clearly my own phone records are not classified. A
> federal law called the Classified Information Procedures Act provides
> a mechanism to obtain unclassified versions of classified data. So if
> you were charged with a crime by the FBI, and the same FBI had records
> (in this database) that indicated that you did not commit the crime,
> they would have to search the database and produce the records.
> http://supreme.justia.com/cases/federal/us/373/83/case.html And when
> Verizon tells you that the records are gone, well… it ain’t true
> anymore.
>
> But wait, there’s more. Even if the “seizure” is a general warrant,
> the government would argue that it is “reasonable” because it is
> necessary to effectuate the NSA’s function of protecting national
> security, and its impact on privacy is minimal because the database
> isn’t “pinged” without court approval. The “collection” of data about
> tens of millions of Americans doesn’t affect their privacy especially
> when the Supreme Court said that they have no privacy rights in this
> data, and it doesn’t even belong to them. (Even though the Director of
> National Intelligence testified in March that the NSA did not
> “collect” any data on millions of Americans). Besides, the NSA would
> argue, there is no other way for the government to do this.
>
> What does the NSA Do with the Records?
>
> Here’s where there is an unknown. At present, we do not know what the
> NSA does with the telephone metadata database. Do they simply query
> it – e.g., give me all the records of calls made by Abu Nazir; or do
> they perform data mining, link analysis, and pattern analysis on the
> database in order to identify potential Abu Nazirs? If the latter,
> then the NSA is clearly searching records of millions of Americans.
> If the former, it is still troubling for a few reasons.
>
> Six Degrees of Separation
>
> First, the NSA’s authority revolves around non-US persons. While
> there may be “inadvertent” collection on U.S. persons, the target of
> the surveillance must be a non-US person in order for the program to
> be legal. According to the leaked documents, the NSA took a very
> liberal interpretation of what this means. First, they determined
> that as long as there was a 51% chance that the target was a non-US
> person, the NSA was entitled to obtain records. Second, they may –
> and I stress may – have interpreted their authority as providing that,
> if the target of the investigation was foreign (again 51% chance) then
> they could obtain records related to calls between two US persons
> wholly in the US. Finally, they apparently deployed a “two degrees of
> separation” test. If Abu Nazir (51% foreign) called John Smith’s
> telephone number, the NSA could look at who Smith (100% US) called
> within the US (first degree of separation). If Smith called Jones,
> the NSA could then look at Jones’ call records (second degree of
> separation.) At this point, even if the pinging of the database is
> authorized by the FISC, we are a long way from Abu Nazir. Toto, I’m
> afraid we ARE in Kansas.
>
> Writs of Assistance
>
> OK, but what’s the big deal? The seizure of the database is
> authorized by FISC, under a statute approved by Congress, with
> Congressional knowledge and oversight (maybe), and under strict
> control by both the NSA, the FBI and DOJ. Every search of the
> database is approved by the super-secret court, right?
>
> Not so fast, Kemo Sabe.
>
> It is highly unlikely that the FISC approves every database search.
> More likely is that the FBI and NSA have established protocols and
> procedures designed to ensure that the searches are within their
> jurisdiction, are designed to find information about terrorism and
> foreign intelligence, that the targets are (51%) foreign, and that
> there is a minimization procedure. These protocols – rather than the
> individual searches themselves – are what are approved by the FISC.
> The NSA then most likely reports back to the FISC (through the DOJ)
> about whether there was an “inadvertent disclosure” of information not
> related to these objectives. So the court most likely does not
> approve every search.
>
> And that’s another problem.
>
> You see, each “search” of the database is – well – a search. That
> search must be supported by probable cause (in a criminal case to
> believe that there’s a crime, in a FISA case, espionage, foreign
> intelligence or terrorism) and must be approved by a court. Each
> search. Not the process.
>
> We have been down this road before. In fact, this is precisely what
> led to the American Revolution in general and the Fourth Amendment in
> particular. When the British Parliament issued the Navigation Acts
> imposing tariffs on goods imported into America, many colonists
> refused to pay them (as Boston lawyer James Otis noted, “taxation
> without representation is tyranny”). So Parliament authorized King
> George II to issue what are called “writs of assistance.” This writ,
> issued by a Court, authorized the executive branch (a customhouse
> officer with the assistance of the sheriff) to search colonists’ houses
> for unlawfully smuggled items. These writs did not specify what the
> sheriff could search for or seize, or where he could look. They did
> specify what he could look for. Like the NSA program, the court
> approved what could be done, the executive had discretion in how to do
> it. When George II was succeeded by George III (the writs expiring
> with the death of the King) Parliament reauthorized them under the
> hated Townshend Acts. James Otis urged resistance, and it was the use
> of these unspecific writs authorizing searches that galvanized public
> opinion (and that of John Adams in particular) to urge revolution. It
> is why the Fourth Amendment demanded that a search warrant specify
> based on probable cause, the specific place to be searched and item to
> be seized. It’s also why writs of assistance are prohibited in the
> constitution.
>
> The NSA FISC approved searches would be like a judge in Los Angeles
> issuing a search warrant to the LAPD which said, “you may search any
> house as long as you smell marijuana in that house.” While the search
> may be reasonable, and indeed, if the LAPD had applied for a warrant
> to search a house after they smelled marijuana a court probably would
> have issued the warrant, the broad blanket approval of these searches
> would be more akin to a writ of assistance.
>
> So the NSA digital telephony program, while legal in the sense that it
> was approved by both Congress and the Foreign Intelligence
> Surveillance Court, has some serious Constitutional problems.
>
> Telephone Company Liability?
>
> The phone companies could be on the hook for participating in the
> program, even though they both have immunity and had no choice but to
> participate. In fact, they could not legally have even disclosed the
> program. In the FISA amendments, Congress expressly gave the phone
> companies immunity for making “good faith” disclosures of information
> pursuant to Section 215.
> http://www.law.cornell.edu/uscode/text/50/1861 So why would the phone
> company be in trouble?
>
>
> The problem is the “good faith” part.
>
> In 2012 the Supreme Court looked at the question of when someone (cops
> in that case) should have immunity for a good faith search pursuant to
> an unconstitutional warrant.
> http://www.law.cornell.edu/supremecourt/text/10-704 The cops got a
> warrant for all records of “gang related activity” and all guns in a
> particular house. The court agreed that the warrant was overbroad,
> unconstitutional, and should not have been issued. The question was
> whether the cops, who executed the warrant, should have immunity from
> civil liability because they acted in “good faith.” The Supreme Court
> noted that the fact that they got a warrant at all was one indication
> that they acted in good faith, but that, “the fact that a neutral
> magistrate has issued a warrant authorizing the allegedly
> unconstitutional search or seizure does not end the inquiry into
> objective reasonableness. Rather, we have recognized an exception
> allowing suit when “it is obvious that no reasonably competent officer
> would have concluded that a warrant should issue.” In other words,
> the cops are generally permitted to rely on the fact that a court
> issued a search warrant, unless the warrant itself (or the means by
> which it is procured) is so obviously unconstitutional, overbroad,
> general or otherwise prohibited that you cannot, in good faith rely on
> it. While the court found that the cops had immunity because the
> warrant was not so overbroad to lead to the inevitable conclusion that
> it was unconstitutional, it is hard to make that same argument where
> the FISA warrant essentially asked for every record of the phone
> company. Hard to imagine a broader warrant. Justice Kagan pointed
> out that it’s not illegal to be a member of a gang, and that a warrant
> that authorized seizure of evidence of gang membership per se called
> for associational records which were protected. Much like the phone
> logs here. Justices Sotomayor and Ginsburg went further noting,
>
> The fundamental purpose of the Fourth Amendment’s warrant clause is
> “to protect against all general searches.” Go-Bart Importing Co. v.
> United States, 282 U. S. 344, 357 (1931). The Fourth Amendment was
> adopted specifically in response to the Crown’s practice of using
> general warrants and writs of assistance to search “suspected places”
> for evidence of smuggling, libel, or other crimes. Boyd v. United
> States, 116 U. S. 616–626 (1886). Early patriots railed against these
> practices as “the worst instrument of arbitrary power” and John Adams
> later claimed that “the child Independence was born” from colonists’
> opposition to their use. Id., at 625 (internal quotation marks
> omitted).
>
> To prevent the issue of general warrants on “loose, vague or doubtful
> bases of fact,” Go-Bart Importing Co., 282 U. S., at 357, the Framers
> established the inviolable principle that should resolve this case:
> “no Warrants shall issue, but upon probable cause . . . and
> particularly describing the . . . things to be seized.” U. S. Const.,
> Amdt. 4. That is, the police must articulate an adequate reason to
> search for specific items related to specific crimes.
>
> They found that the search by the police without probable cause was
> unreasonable even though there was both judicial and executive
> oversight, and that therefore there should be no immunity because the
> actions were not in “good faith.” The phone companies run that risk
> here.
--
Bambi
http://BambisMusings.WordPress.com