Quantcast

«

»

Jun 11 2013

Why the Verizon Seizures are Clearly Illegal

The revelation that the government gets daily reports from Verizon that includes the metadata on every single communication sent through their network shows the dangers of data mining, something clearly forbidden both by the 4th Amendment and statutory law. Benjamin Wittes gives one very good reason why:

We have only the order itself, not the application that underlies it, but I have a hard time imagining the application that could have produced it. Section 215, codified in law as 50 U.S.C. § 1861, allows the government to apply to the FISA court for an order for production “of any tangible things . . . for an investigation to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities. . . .” To acquire such an order, the government does not have to do much—just as it doesn’t have to do much in a criminal investigation: It merely has to offer, in pertinent part, “a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation . . . to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities.”

So I’m trying to imagine what conceivable of facts would render all telephony metadata generated in the United States “relevant” to an investigation, presumably of the bombing. This would include, of course, all telephony metadata that, as matters turned out, postdates the killing of one bomber and the capture of the other—though there’s no way the government could have known that when the application was submitted. And it would also include all telephony metadata that postdates the government’s conclusion that the Tsarnaev brothers were apparently not agents of any foreign terrorist group. But even if this were not the case, how is it possible that all calls to, say, Dominos Pizza in Peoria, Illinois or all calls over a three month period between two small businesses in Juneau, Alaska would be “relevant” to an investigation of events in Boston—even if we assume that the FBI did not know whom it was investigating in the Boston area and did not know whom that unknown person was communicating with?

I think the only possible answer to this question is that a dataset of this size could be “relevant” because there are ways of analyzing big datasets algorithmically to yield all kinds of interesting things—but only if the dataset is known to include all of the possibly-relevant material. The data may not be relevant, but the dataset is relevant because it is complete—and therefore is sure to include any communications by whomever the bombers turn out to be.

Exactly right. The 4th Amendment requires warrants for such seizures of information, issued only upon a showing of probable cause and “particularly describing the place to be searched, and the persons or things to be seized.” If the government wants such data, they can only get it after a specific showing of probable cause that a particular person or persons has committed a crime or is planning to commit one and a specific accounting of what information is being sought and why. But this programs gives them access to such data for every single Verizon customer, turned over every single day to the government.

Orin Kerr spells out another problem with the program:

If the order is what it appears to be, then the order points to a problem in Section 1861 that has not been appreciated. Section 1861 says that the “things” that are collected must be relevant to a national security investigation or threat assessment, but it says nothing about the scope of the things obtained. When dealing with a physical object, we naturally treat relevance on an object-by-object basis. Sets of records are different. If Verizon has a database containing records of billions of phone calls made by millions of customers, is that database a single thing, millions of things, or billions of things? Is relevance measured by each record, each customer, or the relevance of the entire database as a whole? If the entire massive database has a single record that is relevant, does that make the entire database relevant, too? The statute doesn’t directly answer that, it seems to me. But certainly it’s surprising — and troubling — if the Section 1861 relevance standard is being interpreted at the database-by-database level.

That isn’t just troubling, it’s terrifying.

14 comments

Skip to comment form

  1. 1
    slc1

    Well, Jeffrey Toobin, who is an attorney, seems to think that what the NSA was doing was legal and that Snowden is something less then Saint Snowden.

    http://www.newyorker.com/online/blogs/comment/2013/06/edward-snowden-nsa-leaker-is-no-hero.html

  2. 2
    D. C. Sessions

    The statute doesn’t directly answer that, it seems to me. But certainly it’s surprising — and troubling — if the Section 1861 relevance standard is being interpreted at the database-by-database level.

    Fortunately, that’s exactly the kind of question that our adversary system of law is well-suited to thrashing out.

  3. 3
    richardelguru

    The answer is simple, we just get everyone to make a point of saying things like “bomb”, “Al Quaeda”, “ricin” and, possibly, “Knickers!” at least once in every communication.
    Let’s see them shove that up their algorithm.

  4. 4
    D. C. Sessions

    Let’s see them shove that up their algorithm.

    What bothers me almost as much as the Big Brother aspect is that I suspect that their strategy really might be just that clueless. After all, our anti-hijacking plans are based on the idea that the Bad Guys are uniformly dumber than a box of rocks, so why not have a SIGINT strategy based on the Bad Guys having never heard of code phrases?

  5. 5
    reverendrodney

    In addition to trampling on the Constitution the NSA is making all citizens vulnerable. Where is the security when your every telephoned or emailed confidence is open to review by employees of for-profit corporations? If a well meaning person such as Edward Snowden can expose the system, then for sure nefarious types can sell information gleaned from the database to the highest bidders, whether they be blackmailers or foreign agencies.
    This has nothing to do with security and everything to do with power.

  6. 6
    doublereed

    @1 slc1

    Screw that guy.

    What, one wonders, did Snowden think the N.S.A. did? Any marginally attentive citizen, much less N.S.A. employee or contractor, knows that the entire mission of the agency is to intercept electronic communications. Perhaps he thought that the N.S.A. operated only outside the United States; in that case, he hadn’t been paying very close attention. In any event, Snowden decided that he does not “want to live in a society” that intercepts private communications. His latter-day conversion is dubious.

    This is a psychotic rambling. Yes, the NSA does intercepting of electronic communication. That does not mean that the NSA is supposed to be doing mass domestic surveillance, and that does not mean that NSA employees should be totally cool with it. What the hell kind of false equivalence is that?

  7. 7
    karmacat

    I keep wondering how useful this program really is. If NSA is collecting that much data, they may be getting a whole lot more haystack making it hard to find “the needle.” It adds insult to injury: are privacy is being invaded without any benefit. In fact there will probably be more harm to individual because these employees have access to names, credit cards, social security numbers, etc.

  8. 8
    Ace of Sevens

    http://davidsimon.com/we-are-shocked-shocked/

    David Simon, creator of The Wire also argues that thsi is legal, btu I don’t think his analogy holds up.

  9. 9
    eric

    @3, @4, @5 – remember, we’re talking metadata here, not content. This particular progam doesn’t even look at message content, it looks at stuff like time of call, length of call, etc., sender and recipient, etc.

    Modern telecommunications have essentially destroyed NSA’s clear-cut line of what they can and can’t do. It used to be easy to reasonably distingish between non-US citizen communications and US ones: just know where the phone is located. Can’t do that now. Cell phones, services like skype, etc. combined with bad guys who will intentionally use such options to hide render it much much harder to figure out where their mission begins and ends. So I suspect that, if the NSA is to continue its standard mission of looking at non-US-citizen communications, its going to have to come up with some much more sophisticated, 21st century methods of distingishing the people it can listen to from the people it can’t. That is very likely going to include looking at some metadata. .

    Having said all that, this particular program looks pretty ridiculous. Even if you agree with what I’ve said above (and certainly reasonable people don’t have to), the correct approach would be to first do research to figure out what a good filter should collect to be effective. You test it, validate it, make sure it doesn’t have too high a false positive or negative rate. Then you use it to collect only that data needed by the filter. You don’t start off collecting all possible data on every single person in reach until you know how to sort out the legal intercepts fromt he illegal ones. What they are doing here seems like “we don’t know how to find needles yet, but bring us all your haystacks anyway.” Uh, no. Figure out how you can do needle-finding first.

  10. 10
    chilidog99

    If its legal for Google to data mine to sell targeted advertising, why would it be illegal for the Government to do their own “market research” so to speak?

  11. 11
    baal

    @ 10 chilidog99
    Google doesn’t tax, have police and an army, can’t jail you and has limited power to make your life as a single human suck. I’m offended that businesses think they own my personal data and use their very real power to take it contrary to my will. Like Ed says, the same info in the hands of the people who can jail or kill me for having the wrong views (you know, atheist if not a bunch of other things like, ‘bi’ etal) is a different matter.

  12. 12
    Karen Locke

    Years ago (omigosh 20 years ago; I’m old!) I held a security clearance because I worked on the flight simulator for what was then super-secret, the B2 Bomber. We had frequent security briefings, and the one thing always emphasized was that electronic communications were by their nature insecure. I did that job long enough that I still consider electronic communications insecure, and if I want to share personal information I consider sensitive I’ll do it person-to-person. Fortunately, there’s very little of that in my life! If the NSA wants to know my recipe for enchilasagna, more power to them.

  13. 13
    DonDueed

    I don’t know about the government, but I want to know your recipe for enchilasagna.

    Do I need a warrant?

  14. 14
    chrisdevries

    I think there’s some confusion over the word “legal” here. Yes, the US government can get a secret court to issue a secret warrant to do something (using the Patriot Act). But the fact remains that just because a judge allows you to do something doesn’t make it legal. And since there is no way to appeal something unless you know what it is that you’re appealing, the role of the whistleblower is absolutely critical to making sure that the government, when it does violate the constitution, is brought to task. The Patriot Act, when narrowly applied, can be made to conform with constitutional law, but it is very clear that it is bad law written by reactionary morons (and even they are now apparently saying that they never intended the law to allow THIS), and needs to be either invalidated by the Supreme Court, or revised according to very strict guidelines implemented by SCOTUS.

    Snowden should be a hero to the American people (and people living all over the world who are systematically persecuted by the US government). In breaking the law, he has brought to light far greater legal violations on a far wider scale, an act which should exempt him from prosecution. Of course, since the president (and the entire Executive Branch) is defending PRISM and the data seizures in question, the only way to make sure Snowden is spared punishment is for rights groups to challenge the government directly on this (with a massive legal case), humiliate Obama and Holder, and make it politically impossible to go after the man who brought this travesty of justice to our attention.

Leave a Reply

Switch to our mobile site