[E-PRV] "Steven M. Bellovin": loophole in FISA?

John Gilmore gnu at toad.com
Thu Dec 22 05:11:35 PST 2005 

>Hi John--As I think I've already mentioned, Steven is probably
>right--indiscriminate extraterritorial wiretapping that is not
>targeted
>at particular people likely isn't prohibited by FISA.  However, this
>loophole is more relevant to ECHELON and global eavesdropping
>generally, not the current wiretap controversy, as the
>currently-controversial wiretaps definitely targeted specific people
>within the US and almost certainly occurred within US borders.

Please read the Ars Technica post that Steve cited.  It really isn't
clear that the currently-controversial wiretaps "definitely targeted
specific people".  And it's also pretty clear that it almost certainly
DIDN'T occur within US borders; see Hayden's press conference,
transcripted in full by Declan:

  http://www.politechbot.com/2005/12/20/transcript-of-briefing/

The clues are piling up that vacuum-cleaner style dragnets are what's
at issue:

  http://arstechnica.com/news.ars/post/20051220-5808.html

The new text below from today's Post leads me in the same direction.
They make a big distinction between "detecting" and "monitoring",
where "monitoring" is what requires warrants, while "detecting"
doesn't.  (It depends on what the meaning of "is" is.)

http://www.washingtonpost.com/wp-dyn/content/article/2005/12/21/
AR2005122102326.html

>Still, Bush and his advisers have said they need to operate outside
>the FISA system in order to move quickly against suspected
>terrorists. In explaining the program, Bush has made the distinction
>between detecting threats and plots and monitoring likely, known
>targets, as FISA would allow.
>
>Bush administration officials believe it is not possible, in a
>large-scale eavesdropping effort, to provide the kind of evidence the
>court requires to approve a warrant. Sources knowledgeable about the
>program said there is no way to secure a FISA warrant when the goal is
>to listen in on a vast array of communications in the hopes of finding
>something that sounds suspicious. Attorney General Alberto R. Gonzales
>said the White House had tried but failed to find a way.
>
>One government official, who spoke on the condition of anonymity, said
>the administration complained bitterly that the FISA process demanded
>too much: to name a target and give a reason to spy on it.
>
>"For FISA, they had to put down a written justification for the
>wiretap," said the official. "They couldn't dream one up."
>
>The NSA program, and the technology on which it is based, makes it
>impossible to meet that criterion because the program is designed to
>intercept selected conversations in real time from among an enormous
>number relayed at any moment through satellites.
>
>"There is a difference between detecting, so we can prevent, and
>monitoring. And it's important to note the distinction between the
>two," Bush said Monday.

It appears that perhaps they've pointed the NSA vacuum cleaner
straight into all US-based international telecommunications.  [By the
way, satellites are only a tiny part of it; the vast majority of
conversations go via fiber, and NSA can tap them.  It's not clear why
the Post said "satellites" here.]

Perhaps NSA is just sampling every communication to determine what
language it's in, and feeding all the Arabic to further analysis.  The
theory would be that if they didn't feed your call to further
analysis, then it was only "detected", not "monitored".  We've seen
inklings of this before, in the context of wiretapping IP traffic.
They claim that having a computer look at every bit and byte is
OK without a warrant as long as it sorts out the "signalling info"
like URLs and email addresses, which are buried deep in the user's
packets right next to all the un-wiretappable stuff.  It's total
hokum, unsupported by law, but it's their theory.

Hmm, here's my conclusion.  Perhaps they're doing a pen-register/
trap-and-trace on every call that leaves or enters the US.  They're
building up the database containing the huge network of who-calls-who,
over the long term.  (This would also sweep up any touch-tones during
a call, including PIN codes, passwords, dial-back systems, etc).  And
then when they capture a bad guy who was using phone number X, they
look it up and know every number who called phone number X, or
received a call from it.  And then they do directed wiretaps against
those numbers (with or without the FISA court).  No wonder a judge in
the know would resign to call attention to this!

Is this a murky area of international wiretap law?  It's clear NSA
can't broadly wiretap the CONTENTS of communications of US citizens,
without a warrant.  Can it broadly wiretap the SIGNALLING of US
citizens, and store it forever for easy lookup, without a warrant?
>From within the government we see everywhere their assumption that
they have carte blanche over signalling info, without warrants.

And this is just the sort of Total Information Awareness-like
operation that would get a reaction like this from Congress:

  http://www.washingtonmonthly.com/archives/individual/
2005_12/007812.php

  Gonzales: "We've had discussions with members of Congress, certain
  members of Congress, about whether or not we could get an amendment
  to FISA, and we were advised that that was not likely to be --
  that was not something we could likely get, certainly not without
  jeopardizing the existence of the program, and therefore, killing
  the program."

Merely raising the possibility publicly would get it killed.

I can see why the FISA court would get upset about such a thing too.
It's just like the infamous illegal LAPD "handoff" in which illegal
wiretaps were used to get evidence that was used in the declarations
to get legal wiretap warrants.

Here's something said in the press conf today by ex-NSA dir Hayden:

  We understand that this is a more -- I'll use the word "aggressive"
  program than would be traditionally available under FISA.  It is
  also less intrusive.  It deals only with international calls.  It is
  generally for far shorter periods of time.  And it is not designed
  to collect reams of intelligence, but to detect and warn and prevent
  about attacks.  And, therefore, that's where we've decided to draw
  that balance between security and liberty.

Remember, you read it here first.

	John






-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the Testlist mailing list