Tag Archives: Charlie Savage

As encryption debate heats up, experts dissect Obama's surveillance policies - Daily Dot 20160408

As encryption debate heats up, experts dissect Obama's surveillance policies - Daily Dot 20160408

When FBI Director James Comey told an audience at Kenyon College on Wednesday that Americans should reconsider the value of unbreakable encryption in a world of persistent threats, he was addressing a conflict far broader than whether his agency could unlock a suspect's iPhone. He was wading into a debate over the course of national-security law that has emerged as one of the central conflicts of post-9/11 America.

On Friday morning, in one of the final events of Kenyon's biennial political-science conference, a panel of experts discussed the national-security approaches of Presidents George W. Bush and Barack Obama; the relationship between federal laws and local police practices; and the rhetoric of officials, like Comey, who consistently push for broader government power.

Charlie Savage, a national-security reporter at the New York Times, opened the discussion by recounting a discussion he had had with Greg Craig, President Obama's first White House counsel, about Obama's decision to preserve—and in some cases expand—the far-reaching surveillance state he inherited from President Bush. As Craig explained it, Obama's lawyers heard from the leaders of the intelligence community that the government's programs were both necessary and legal, and they stopped there.

“They didn’t ask, ‘Is this American?’” Savage said. The Obama team, intent on rectifying the perceived lawlessness and rhetorical overreach of the Bush administration, focused on grounding everything the government did in the law—brushing aside many civil-liberties questions, including whether a program comported with American traditions of liberty.

In his remarks at Kenyon, Savage reiterated the argument he made in his 2015 book Power Wars, about the difference between rule-of-law and civil-liberties critiques of national-security policy. When Obama’s liberal critics accused him of acting like Bush on surveillance issues, they meant it in a civil-liberties context. Obama's officials, Savage said, rejected this criticism because they were looking at things through a rule-of-law prism—and in that context, they believed, they were nothing like the Bush officials, who championed controversial legal theories about the commander-in-chief being able to override statutes in the name of national security.

Jameel Jaffer, deputy legal director at the American Civil Liberties Institute, took issue with Savage's framing and presented a different view of two ways to criticize national-security policy. Some people, he said, were concerned with how the Bush administration saw the relations between the branches of government (namely that Bush, as president, could trump Congress and the courts in national-security areas). Others were worried about how Bush's programs changed the relationship between government and citizenry.

People cared that Congress and courts weren’t involved in Bush's original warrantless-surveillance and military-detention programs, Jaffer said, but they cared more about the impact of those programs on their lives.

Jaffer's view was that the Obama administration “found statutory arguments to get to more or less the same place” as Bush on many national-security issues. Thus, he said, they could not be praised for caring more about the rule of law, per se, because, in his view, they simply construed the language of the laws to suit their policy goals.

When an administration essentially twists statutory language to permit it to do whatever it wants, Jaffer said, “the phrase ‘rule-of-law’ doesn’t fit comfortably with what you are actually doing.”

Chris Calabrese, vice president for policy at the Center for Democracy and Technology, agreed that Obama had “essentially ratified” Bush-era programs by declining to end them upon assuming office. What's more, Calabrese said, Obama's approval made the programs bipartisan, shielding them from many common political accusations while normalizing surveillance practices that, he said, would have appalled people had they foreseen them in 2002.

Calabrese also expanded the conversation to the state and local level. While the federal government develops technology like Stingray devices and policies like mass surveillance, local police often adopt these tools for their own work. Lawmakers, said Calabrese, must place the limits on these approaches, because at the investigative level, police will always do the most they can do; that is, after all, their job.

This interplay between federal and local tactics can profoundly affect a citizen's relationship with her government. Calabrese described a technique called "parallel construction," in which a spy agency learns something incriminating about an American and tells a law-enforcement agency how to discover it in a "clean" way that will be admissible in court. Americans arrested for crimes discovered in this manner cannot contest the real methods used to discover them, because those exist within national agencies that are subject to different rules.

Julian Sanchez, a senior fellow at the libertarian Cato Institute, sharply criticized Comey's Wednesday night remarks about encryption and its effects on investigative practices.

Comey was “rhetorically really masterful,” he said, using measured language to urge people to accept the need for a new “balance” between individual rights and government demands. By casting this balanced approach as the only rational one, Sanchez said, Comey implicitly characterized the status quo—itself the result of decades of laws and exemptions—as “absolutist.”

As an example, Sanchez noted that Comey had mentioned the Communications Assistance for Law Enforcement Act of 1994, which required companies to be able to comply with wiretaps but specifically excluded situations where companies did not control the ability to decrypt communications. Instead of accepting that CALEA was the result of a political compromise, Comey characterized it and the resulting legal environment as an absolutist position in favor of privacy.

Sanchez urged the audience to worry about this argument, saying that, when policymakers who grow uncomfortable with current surveillance law describe it as unacceptable and in need of rebalancing, this produces a “ratcheting toward ever-greater surveillance.”

"Architectures are stickier than rules," Sanchez said. “The architecture we construct on the premise that the legal restrictions on it will inhibit its use will outlast those rules. The rules can change much faster than the architecture.”

N.S.A. Gets Less Web Data Than Believed, Report Suggests - The New York Times 20160217

N.S.A. Gets Less Web Data Than Believed, Report Suggests - The New York Times 20160217

A newly declassified report by the National Security Agency’s inspector general suggests that the government is receiving far less data from Americans’ international Internet communications than privacy advocates have long suspected.

The report indicates that when the N.S.A. conducts Internet surveillance under the FISA Amendments Act, companies that operate the Internet are probably turning over just emails to, from or about the N.S.A.’s foreign targets — not all the data crossing their switches, as the critics had presumed.

The theory that the government is rooting through vast amounts of data for its targets’ messages has been at the heart of several lawsuits challenging such surveillance as violating the Fourth Amendment.

The report, obtained by The New York Times through a Freedom of Information Act lawsuit, was classified when completed in 2015, and it still contains many redactions. But several uncensored sentences appear to indicate how the system works: They suggest that the government supplies its foreign targets’ “selectors” — like email addresses — to the network companies that operate the Internet, and they sift through the raw data for any messages containing them, turning over only those.

The distinction is important for evaluating crucial constitutional issues raised by how to apply Fourth Amendment privacy rights to new communications and surveillance technologies. Government secrecy about Internet wiretapping has prevented judges from adjudicating the issues in open court.

Still, Patrick Toomey, an American Civil Liberties Union lawyer who is helping lead one of several lawsuits challenging the N.S.A.’s Internet surveillance, argued that even if the companies were sifting the data themselves, the constitutional issues were the same if the companies were doing something they would not otherwise do at the government’s direction.

“The equivalent would be if AT&T were compelled to put every phone call through a voice transcription and then give to the government” copies of only those calls that were linked to a suspect, Mr. Toomey said. “We would find that disturbing, not just because it could be abused, but because it involves the phone company listening to every phone call.”

The network companies that operate the Internet, like AT&T and Verizon, do not publicly discuss how the surveillance system works, and the government declined to comment about the newly disclosed report.

Congress commissioned the inspector general report after the leaks about surveillance by the former intelligence contractor Edward J. Snowden. A central focus was the FISA Amendments Act program, which permits warrantless collection of communications on domestic soil so long as the target is a noncitizen abroad — even if the target is communicating with an American.

One part of the program is called Upstream. It involves the collection of emails and other Internet messages as they cross network switches. The report discusses how network providers are legally compelled to give the N.S.A. communications “related to tasked selectors.” A little later, after a redacted paragraph, it says, “The providers should deliver only communications meeting these criteria to N.S.A.”

And the report said that “for each source of collection, N.S.A. employs processes to determine whether” — the middle of the sentence is redacted, before it picks up with, “are sending communications only for selectors currently tasked and authorized for collection.”

A senior administration official, speaking on the condition of anonymity to discuss internal deliberations, said there had been no official policy decision, as part of disclosing the inspector general report, to say more about how Upstream collection works than what the government had said previously.

Still, in previous reports and court documents about the Upstream system, the government has tended to use language that leaves it ambiguous whether the telecommunications companies or the government is filtering and scanning the raw Internet data.

(The inspector general report does not address how the N.S.A. collects foreign-to-foreign Internet messages passing through the American network. Such messages are not protected by domestic law, and the government does collect them in bulk, just as it could do if it intercepted them abroad, according to leaked documents and officials familiar with that system.)

The new report’s discussion of how the Upstream collection system works under the FISA Amendments Act dovetails with an article by The Times and ProPublica in August, which was largely based on “top-secret” documents provided by Mr. Snowden. But those documents remain classified. And in public, the government has been vague about the system’s details, including in its responses to lawsuits.

The cases are important because Internet technology works differently from the telephone technology for which wiretapping rules were developed and tested in court. A suspect’s phone call can be intercepted without touching any other people’s calls. But on the Internet, data from different messages are broken up and intermingled, so collecting a suspect’s email requires temporarily copying and sifting data from many people’s messages.

Privacy advocates want a court to address whether that violates the Fourth Amendment. So far, they have not succeeded.

In one such case, a group of AT&T customers represented by the Electronic Frontier Foundation argued in 2014 that the government was getting a copy of all Internet data and rooting through it. But the Justice Department said litigating the allegation would reveal state secrets, and a judge dismissed the claim in February 2015, writing cryptically that secret documents showed that “the plaintiffs’ version of the significant operational details of the Upstream collection process is substantially inaccurate.”

The complaint in another such case, brought in 2015 by the A.C.L.U. on behalf of the Wikimedia Foundation, also said that the N.S.A. was systematically copying and reviewing international communications, although it also hedged that some aspects of that surveillance “may be conducted by the telecommunications providers on the government’s behalf.” A judge dismissed that case, too, and it is now on appeal.

Savage, Charlie - File Says N.S.A. Found Way to Replace Email Program - The New York Times 20151119

Savage, Charlie - File Says N.S.A. Found Way to Replace Email Program - The New York Times 20151119

WASHINGTON — When the National Security Agency’s bulk collection of records about Americans’ emails came to light in 2013, the government conceded the program’s existence but said it had shut down the effort in December 2011 for “operational and resource reasons.”

While that particular secret program stopped, newly disclosed documents show that the N.S.A. had found a way to create a functional equivalent. The shift has permitted the agency to continue analyzing social links revealed by Americans’ email patterns, but without collecting the data in bulk from American telecommunications companies — and with less oversight by the Foreign Intelligence Surveillance Court.

The newly disclosed information about the email records program is contained in a report by the N.S.A.’s inspector general that was obtained by The New York Times through a lawsuit under the Freedom of Information Act. One passage lists four reasons that the N.S.A. decided to end the email program and purge previously collected data. Three were redacted, but the fourth was uncensored. It said that “other authorities can satisfy certain foreign intelligence requirements” that the bulk email records program “had been designed to meet.”

The report explained that there were two other legal ways to get such data. One was the collection of bulk data that had been gathered in other countries, where the N.S.A.’s activities are largely not subject to regulation by the Foreign Intelligence Surveillance Act and oversight by the intelligence court. Because of the way the Internet operates, domestic data is often found on fiber optic cables abroad.

The N.S.A. had long barred analysts from using Americans’ data that had been swept up abroad, but in November 2010 it changed that rule, documents leaked by Edward J. Snowden have shown. The inspector general report cited that change to the N.S.A.’s internal procedures.

The other replacement source for the data was collection under the FISA Amendments Act of 2008, which permits warrantless surveillance on domestic soil that targets specific noncitizens abroad, including their new or stored emails to or from Americans.

“Thus,” the report said, these two sources “assist in the identification of terrorists communicating with individuals in the United States, which addresses one of the original reasons for establishing” the bulk email records program.

Timothy Edgar, a privacy official in the Office of the Director of National Intelligence in both the George W. Bush and Obama administrations who now teaches at Brown University, said the explanation filled an important gap in the still-emerging history of post-Sept. 11, 2001, surveillance.

“The document makes it clear that N.S.A. is able to get all the Internet metadata it needs through foreign collection,” he said. “The change it made to its procedures in 2010 allowed it to exploit metadata involving Americans. Once that change was made, it was no longer worth the effort to collect Internet metadata inside the United States, in part because doing so requires N.S.A. to deal with” restrictions by the intelligence court.

Observers have previously suggested that the N.S.A.’s November 2010 rules change on the use of Americans’ data gathered abroad might be connected to the December 2011 end of the bulk email records program. Marcy Wheeler of the national security blog Emptywheel, for example, has argued that this was probably what happened.

And officials, who spoke on the condition of anonymity to discuss sensitive collection programs, have said the rules change and the FISA Amendments Act helped make the email records program less valuable relative to its expense and trouble. The newly disclosed documents amount to official confirmation.

The N.S.A. and the Office of the Director of National Intelligence did not respond to a request for comment.

After the Sept. 11 attacks, Mr. Bush secretly authorized the N.S.A. to conduct surveillance and data-collection activities without obeying the Foreign Intelligence Surveillance Act, in a program called Stellarwind.

The email records component caused many internal headaches. In 2004, the Justice Department questioned its legality, contributing to a confrontation in the hospital room of Attorney General John Ashcroft and the threat of a mass resignation.

Mr. Bush then halted the program until the intelligence court began issuing secret orders authorizing it.

The court limited the categories of data that the N.S.A. was permitted to collect and restricted how it could gain access to the data. After violations of those limits were revealed in 2009, the N.S.A. suspended the program until mid-2010, only to end it the next year.