The NSA's 'Time Machines' Make It Incredibly Easy To Violate Section 702 Restrictions
from the collect-all-the-things! dept
Marcy Wheeler has a fascinating post about NSA collection activities under Section 702 and Executive Order 12333. The rules governing the collections allow the NSA to gather communications when a targeted foreigner leaves the country, but are supposed to cease when this target returns to the United States. It’s something that’s easier said than done, even when the NSA engages in good faith efforts to abide by these restrictions.
As Wheeler points out, the collection efforts don’t always comply with these rules, and the way they’re constructed allows the NSA to collect communications and other data it shouldn’t have access to. First, this is how they’re supposed to work:
The short version is that FISA imposes some restrictions on whether you can collect data at rest to obtain data from outside the period of a FISA order. Thus, if you’re not supposed to collect on someone when they’re in the US (whether that person is a US person or a foreigner), there are classified restrictions about whether you can collect stored data from that period.
None of these rules are (as far as I’m aware) public, but there are rules for all the various laws. In other words, you’re not supposed to be able to collect GMail on a foreigner while they’re in the US, but you’re also not supposed to be able to cheat and just get the same Gmail as soon as they leave the country.
When a US person is targeted, violations are even more likely. Again, the NSA can collect data and communications created when this person is located overseas, but is not supposed to have access to anything created while the person was in the United States. But it doesn’t always do this, thanks in part to how it conducts its FISA searches.
This is even more complex for Americans. Domestically, there are two kinds of collection: 1805, which is the collection of data in motion — an old fashioned wiretap, and 1824, which is called a “physical search” order. The government likes to hide the fact that the collection of data at rest is accomplished with an 1824 physical search order, not 1805. So an 1824 order might be used to search a closet, or it might be used to image someone’s hard drive. Most often, 1805 and 1824 get combined, but not always (the FISC released a breakdown for these last year).
So, when this target travels overseas, the person data can be collected. While it’s restricted to the time period the person is out of the country — and further restricted by the period covered by the FISA order — the NSA’s collection programs, which include implants on devices, continue to gather data in motion while the collection is supposedly forbidden. This is stored by the NSA, accessible at any time.
Data at rest is an even bigger problem. This often comes from device imaging or exfiltration via hacking. Data at rest can come from any time period, including months or years before the person became an NSA target. This is the end result of the NSA’s multiple collection authorities and its harvesting tactics.
Effectively, once someone leaves the country the NSA has access to time machines to collect data from the past, though there are supposed to be limits on doing this.
[…]
[B]ecause of the differing rules on data in motion and data at rest — and because of the truly awesome methods used as soon as someone goes overseas — there are actually a lot of ways that NSA can get around the legal limitations based on space by playing with the limitations on time.
As Wheeler notes, it’s a problem for the NSA, even when it engages in good faith collection efforts. Segregation of data is an ongoing issue, one highlighted by its recent abandonment of its “about” email collection. Most of the legal authorities used are seldom discussed because they remain shrouded in official secrecy, so there’s no telling how often violations occur. But the NSA’s data-harvesting “time machines” clearly violate guidelines and are yet another reason no one should be in a hurry to grant a clean reauthorization of Section 702 at the end of this year.
Filed Under: 702, nsa, section 702, surveillance, time machine
Comments on “The NSA's 'Time Machines' Make It Incredibly Easy To Violate Section 702 Restrictions”
a simpler time machine
How complicated.
does anyone remember that data left on a server for 180 days counts as `abandoned’ and no longer is subject to privacy protections? Hint: https://www.techdirt.com/articles/20170207/00144636650/congress-tries-once-again-to-require-warrants-to-search-emails.shtml
the NSA only needs to leave data on its servers for 180 days to get unlimited access to it, under this reasoning.
Re: a simpler time machine
Hmm, wouldn’t it follow that if you sent a written request to the NSA that they delete any unauthorized collected data on you every, say, 60-90 days, that it would not count as abandoned?
Thank you, multiple and conflated definitions of the verb “collect”.
Re: Re:
"Collect" is not actually an ambiguous term. Don’t blame the verb, blame the NSA for making shit up and the courts for believing it. Or "courts" I should say, because it’s not like they asked the legitimate courts.
Related headline: Hacks Are Always Worse Than Reported
It seems that Morlocks make great nerds.