Another FISC judge: “NSA exceeded the scope of authorized acquisition continuously”
Judge: “NSA exceeded the scope of authorized acquisition continuously”
New declassifed documents show legal arguments over bulk metadata collection.
by Cyrus Farivar – Nov 19 2013, 1:36am EST
Yet another Foreign Intelligence Surveillance Court (FISC) judge has blasted United States government and intelligence officials for disregarding the court’s guidelines for domestic surveillance of American e-mail metadata traffic, a program that ran for around a decade before ending in 2011.
“As noted above, [National Security Agency’s] record of compliance with these rules has been poor,” wrote Judge John D. Bates, in a 117-page opinion (PDF) whose date was redacted. The opinion is one of was just one of a series of documents released and declassified late Monday evening by the Office of the Director of National Intelligence (ODNI).
“Most notably, NSA generally disregarded the special rules for disseminating United States person information outside of NSA until it was ordered to report such disseminations and certify to the FISC that the required approval had been approved. The government has provided no meaningful explanation why these violations occurred, but it seems likely that widespread ignorance of the rules was a contributing factor.”
The documents, which include annual reports from the Attorney General to Congress, memos, presentations, and training documents, were released in relation to an Electronic Frontier Foundation lawsuit. The second batch was released in September 2013, and the first in August 2013. In total, ODNI says it has now released nearly 2,000 new documents in recent months.
“Release of these documents reflects the Executive Branch’s continued commitment to making information about this intelligence collection program publicly available when appropriate and consistent with the national security of the United States,” James Clapper, the head of the ODNI, wrote on Monday.
“Additionally, they demonstrate the extent to which the Intelligence Community kept both Congress and the Foreign Intelligence Surveillance Court apprised of the status of the collection program under Section 215 [of the Patriot Act]. Some information has been redacted because these documents include discussion of matters that continue to be properly classified for national security reasons and the harm to national security would be great if disclosed.”
The Bates opinion is the second of the two most revealing documents in this new tranche. The first, written by FISC Judge Colleen Kollar-Kotelly, responds to a government request that allows the NSA to use pen register and trap and trace devices (“pen/trap devices”) as a way to access metadata on electronic communication. She granted approval for the bulk surveillance, but laid out specific guidelines.
The subsequent second FISC opinion, authored by Judge Bates, is in response to a government request that aimed to expand the metadata collection program by “11-24 times.” Bates slams the government for not adhering to its guidelines, but “reluctantly” allows them to continue, citing deference to the Executive Branch (and intelligence agencies, like the NSA, whose powers are granted through the Reagan-era Executive Order 12333). In the opinion, Judge Bates appears unwilling or unable to meaningfully punish any government officials despite clear violations of the court’s prior orders.
“I see a lot of similarities between the Bates opinion and the Walton opinion,” Mark Rumold, a staff attorney at the Electronic Frontier Foundation, told Ars. Rumold was referring to a 2009 opinion by FISC Judge Reggie Walton, who equally lambasted the government.
“It’s essentially the same thing, FISC taking NSA and [the Department of Justice] to task for violating their orders, for accessing more information than they were allowed to access under the orders and laying out under the ways that they had violated the court’s orders, [but then] letting them continue,” Rumold added. “The executive branch has pushed the judiciary so far and hopefully now we’re at that tipping point that the judiciary is comfortable with and they’ll start pushing back on executive misrepresentations.”
Not your father’s pen/trap application
The Kollar-Kotelly opinion (PDF) describes her response to a government application that “seeks authority for a much broader type of collection than other pen register/trap and trace applications,” compared to what had previously been done before.
As we’ve reported in the past, pen/trap devices are a type of legal order that has recently skyrocketed in use in the US. Originally designed to apply to telephone companies, they are now being increasingly applied to tech companies as a way to capture user metadata, too. Of the total number of American law enforcement orders that it received in six months, Google said recently that 2 percent of those were pen/trap orders.
Applied to a Google user, for example, a pen register would likely record who that user was sending e-mail to. A corresponding “trap and trace order” would likely include metadata from e-mails received, likely including date, time, IP address, and other routing information. It could also include attachments, and perhaps even—if broadly interpreted enough—anything but the actual content of an e-mail. Secure e-mail service Lavabit recently received such an order prior to its shutdown.
In the Monday night Tumblr post, the ODNI defined this program this way: