<<< Date Index >>>     <<< Thread Index >>>

[IP] worth reading -- loophole in FISA?





Begin forwarded message:

From: John Gilmore <gnu@xxxxxxxx>
Date: December 22, 2005 5:11:35 AM EST
To: Kevin Bankston <bankston@xxxxxxx>
Cc: eff-privacy@xxxxxxx, John Gilmore <gnu@xxxxxxxx>
Subject: Re: [E-PRV] "Steven M. Bellovin": loophole in FISA?

Hi John--As I think I've already mentioned, Steven is probably
right--indiscriminate extraterritorial wiretapping that is not targeted
at particular people likely isn't prohibited by FISA.  However, this
loophole is more relevant to ECHELON and global eavesdropping
generally, not the current wiretap controversy, as the
currently-controversial wiretaps definitely targeted specific people
within the US and almost certainly occurred within US borders.

Please read the Ars Technica post that Steve cited.  It really isn't
clear that the currently-controversial wiretaps "definitely targeted
specific people".  And it's also pretty clear that it almost certainly
DIDN'T occur within US borders; see Hayden's press conference,
transcripted in full by Declan:

  http://www.politechbot.com/2005/12/20/transcript-of-briefing/

The clues are piling up that vacuum-cleaner style dragnets are what's
at issue:

  http://arstechnica.com/news.ars/post/20051220-5808.html

The new text below from today's Post leads me in the same direction.
They make a big distinction between "detecting" and "monitoring",
where "monitoring" is what requires warrants, while "detecting"
doesn't.  (It depends on what the meaning of "is" is.)

http://www.washingtonpost.com/wp-dyn/content/article/2005/12/21/ AR2005122102326.html

Still, Bush and his advisers have said they need to operate outside
the FISA system in order to move quickly against suspected
terrorists. In explaining the program, Bush has made the distinction
between detecting threats and plots and monitoring likely, known
targets, as FISA would allow.

Bush administration officials believe it is not possible, in a
large-scale eavesdropping effort, to provide the kind of evidence the
court requires to approve a warrant. Sources knowledgeable about the
program said there is no way to secure a FISA warrant when the goal is
to listen in on a vast array of communications in the hopes of finding
something that sounds suspicious. Attorney General Alberto R. Gonzales
said the White House had tried but failed to find a way.

One government official, who spoke on the condition of anonymity, said
the administration complained bitterly that the FISA process demanded
too much: to name a target and give a reason to spy on it.

"For FISA, they had to put down a written justification for the
wiretap," said the official. "They couldn't dream one up."

The NSA program, and the technology on which it is based, makes it
impossible to meet that criterion because the program is designed to
intercept selected conversations in real time from among an enormous
number relayed at any moment through satellites.

"There is a difference between detecting, so we can prevent, and
monitoring. And it's important to note the distinction between the
two," Bush said Monday.

It appears that perhaps they've pointed the NSA vacuum cleaner
straight into all US-based international telecommunications.  [By the
way, satellites are only a tiny part of it; the vast majority of
conversations go via fiber, and NSA can tap them.  It's not clear why
the Post said "satellites" here.]

Perhaps NSA is just sampling every communication to determine what
language it's in, and feeding all the Arabic to further analysis.  The
theory would be that if they didn't feed your call to further
analysis, then it was only "detected", not "monitored".  We've seen
inklings of this before, in the context of wiretapping IP traffic.
They claim that having a computer look at every bit and byte is
OK without a warrant as long as it sorts out the "signalling info"
like URLs and email addresses, which are buried deep in the user's
packets right next to all the un-wiretappable stuff.  It's total
hokum, unsupported by law, but it's their theory.

Hmm, here's my conclusion.  Perhaps they're doing a pen-register/
trap-and-trace on every call that leaves or enters the US.  They're
building up the database containing the huge network of who-calls-who,
over the long term.  (This would also sweep up any touch-tones during
a call, including PIN codes, passwords, dial-back systems, etc).  And
then when they capture a bad guy who was using phone number X, they
look it up and know every number who called phone number X, or
received a call from it.  And then they do directed wiretaps against
those numbers (with or without the FISA court).  No wonder a judge in
the know would resign to call attention to this!

Is this a murky area of international wiretap law?  It's clear NSA
can't broadly wiretap the CONTENTS of communications of US citizens,
without a warrant.  Can it broadly wiretap the SIGNALLING of US
citizens, and store it forever for easy lookup, without a warrant?
From within the government we see everywhere their assumption that
they have carte blanche over signalling info, without warrants.

And this is just the sort of Total Information Awareness-like
operation that would get a reaction like this from Congress:

http://www.washingtonmonthly.com/archives/individual/ 2005_12/007812.php

  Gonzales: "We've had discussions with members of Congress, certain
  members of Congress, about whether or not we could get an amendment
  to FISA, and we were advised that that was not likely to be --
  that was not something we could likely get, certainly not without
  jeopardizing the existence of the program, and therefore, killing
  the program."

Merely raising the possibility publicly would get it killed.

I can see why the FISA court would get upset about such a thing too.
It's just like the infamous illegal LAPD "handoff" in which illegal
wiretaps were used to get evidence that was used in the declarations
to get legal wiretap warrants.

Here's something said in the press conf today by ex-NSA dir Hayden:

  We understand that this is a more -- I'll use the word "aggressive"
  program than would be traditionally available under FISA.  It is
  also less intrusive.  It deals only with international calls.  It is
  generally for far shorter periods of time.  And it is not designed
  to collect reams of intelligence, but to detect and warn and prevent
  about attacks.  And, therefore, that's where we've decided to draw
  that balance between security and liberty.

Remember, you read it here first.

        John






-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/