Sunday, June 22, 2008
The Key Questions About the New FISA Bill
We've invited David Kris to publish some posts explaining the new FISA bill. Check out his first two posts, just below David Luban's important Commander in Chief post. David K. was Associate Deputy Attorney General in charge of national security issues from 2000 to 2003, and before that he was in the Criminal Appellate section of the Criminal Division. He was widely regarded as one of the very best lawyers in the Department -- and became one of the most trusted, most well-respected authorities in the Department on criminal law and electronic surveillance issues once he moved on to the DAG's Office. As I've written here before, he's extremely thorough, careful, and impartial. We're thrilled to have his input here.
The procedures that need to be looked at closely are three: the targeting procedure, the minimization procedure and the continuation rules.
Since I don't know if David will address those that you haven't mentioned, I will stick to the minimization procedure. The data gathered under the targeting procedure is subject to minimization, and is to be processed in databases with data mining procedures, which include learning algorithms and statistical updates. Since the minimization procedures only require that data that must be minimized not be looked at by people, until their destruction after 4 days, they can be used as input to these data mining programs, updating weights, changing suspicions on people in the database, completing links in link analyses. Nothing in this bill says they need to be rolled back, and that was one thing the administration was adamant about getting, witness their comments on the Senate Judiciary Committee version which did include rollbacks.
The problem is, in a terrorism or threat style database, once in the database, a person's suspicion level will only increase, and it may increase because of data that has not been acquired as a result of any lawful document, just data that was later minimized.
If a person enters the database and subsequently rises to a level of suspicion worth pursuing a warrant for by data that is all unlawful to acquire, but lawful to use before disposing of, the effect is that anyone can become a target of suspicion.
Add to that that the continuation allows them to put together any scheme for data gathering, even one that cannot be approved, and use it until it runs through a complete set of rulings and appeals, again with no rollback if it finally ends up denied or fixed. It is possible to build databases that diffuse the data such that it never exists in a form that constitutes a breach of privacy directly (if read by a human being) but nevertheless exists. Stipulations about aggregate data in minimization procedures are meaningless if the data fits enough categories, because then it can be inverted (in the sense of a Radon transform or Galois connection) to produce individual data.
I have a hard time accepting that Mr. Kris is posting in good faith. First, his assertion that the government's claim about the ratio of satellite to wire communications for international telecommunications is merely exaggerated is overly generous. In the paper that serves as the basis for his posts here, he quotes Gen. Hayden (CIA head and former NSA head), Gen. Alexander (current NSA head), Adm. McConnell (Director of National Intelligence and former NSA head), and Kenneth Wainstein (Asst AG for National Security) all testifying to Congress making the same claim:
When FISA was passed, almost all international telecommunications were in the air.
This is not an exaggeration. This is a falsehood. All of these men are supposed to be experts on the subject. Are we to believe that somehow three directors of the NSA and our nation's top national security lawyer are all so woefully misinformed about the history of telecommunications that they inadvertantly made false statements to Congress? I think it is more likely that these men brazenly lied to Congress to achieve a political objective. Mr. Kris is trying to put some lipstick on this pig.
The leaks concerning the TSP and the statements of the DNI suggest that the TSP is monitoring captured telephone numbers and email addresses without possessing individualized probable cause for the people using these numbers. This falls between the standard wiretap warrant to gather criminal evidence and the speculation that NSA is conducting data mining of all telecommunications (something the DNI has denied without any dispute from the Intelligence Committee members who have been briefed on and observed the TSP).
The reforms of FISA offered in this bill would essentially ratify such surveillance.
What about criminal actions? Per John Dean on Countdown last week it looks like the people behind it may have forgot to shut the door on criminal prosecutions. Granted, the FISA statute limit is five years, but a proactive AG would be able to mount a prosecution.
Does VOIP services (particularly P2P networks) complicate the application of FISA?
I'm unsure of the precise architecture of those networks, but here's why I ask:
Would a P2P network that had a node in the US fall under the individualized warrant requirement of FISA?
the speculation that NSA is conducting data mining of all telecommunications . . .
is kind of like the speculation that the astronauts landed on the Moon.
Or wait, maybe it's more like the controversy in the "smoking and health controversy" that Philip Morris used in its public utterances. Not proven!
Under the new regime, presumably NSA (or its computers, anyway) will be permitted to intercept considerably more communications between U.S. persons here in the States and persons abroad -- perhaps even most of those international phone calls, e-mails and other communications, because the new law allows any interceptions of persons overseas if collecting "foreign intelligence information" is a significant objective.
The same technology needed to Hoover U.S.-to-foreign communications from the U.S. is the technology that will allow Hoovering of U.S.-to-U.S. communications. The only restraint is that of the persons or machinery doing the Hoovering and sifting. As long as that's done without the requirement for cause and oversight by someone other than the NSA and/or executive, expect abuses and line-crossing every time someone sees the need or value for such....
"The leaks concerning the TSP and the statements of the DNI suggest that...."Post a Comment
Typos there, "Bart".
"The self-serving leaks concerning the TSP and the statements of the DNI who has already been shown to have lied publicly about FISA and surveillance suggest that...."
Much better. And more accurate.