Letters to the Editor
-
@Arne
I was going to respond to your direct response to me, but this one to Mad Dogs was more complete.
To the extent that they're Hoovering IP traffic, and sniffing for potential new bad guys, I oppose it. I think that a warrant should be required that states with specificity what's being looked for, why it's being looked for there, and why they think it will be found. I'm funny that way.
Already, "hoovering IP traffic" has problems with a definition of one party being always listened to, the other coincidentally listened to. They're all listened to, and you "filter" from there.
It is possible that you might need Hoover-size snoops to find stuff you are entitled to see (think the vagaries of IP routing, or of mobile roaming from network to network, enduring headaches for those who are required to do CALEA-compliant IP snoops), I think that the winnowing procedures that limit the stuff that is recorded and seen by humans needs to be for the purpose of making sure that only material covered by a warrant is included in the stuff delivered.
This is the bedrock from which any new FISA should arise, shouldn't it? The assumption that the electronics will provide a 100% blocking firewall disallowing snooping on things for which they haven't spelled out the terms to a court, while allowing that which they have. It is totally different from what we have had, which is that physics, wires, and physical locations provided that firewall by specifying which wire to tap or location to bug.
If not, then the potential for abuse arises. I'd note that even the procedures of CALEA are not sufficient to protect against recording of privileged information, and there's procedures to deal with that, e.g., if you have a legal Title III wiretap, you're still not allowed to listen in on conversations a "target" might have with their attorney; if the LEAs find themselves listening in on such a conversation, they must immediately terminate the recording and dispose of anything they grabbed related to that call.
Unless, of course, the call with the attorney contained any of their key words, linked to any of their link analysis targets of suspicion, or the attorney was providing them with information that (shall we, for example, say) she wasn't supposed to (Pronoun indicates a recently convicted attorney's gender).
FISA did have minimisation procedures in it; if a warrant didn't ensue, the records should be destroyed, and similarly after a certain time if the surveillance gives nothing, they need to destroy the records as well. But the minimisation procedures in the recent amendments are far less clear.....
Absolutely agree. Recent amendments seem to make it up to the Attorney General to come up with such procedures, the same way that the MCA2006 made it up to the President to come up with a list of tortures that invalidated evidence.
My point, Arne, is that boxes like the NARUS grab everything, restore all messages and web architecture relationships, and then the surveilling party makes the decisions on what to do with the stored data. So the idea that there are some parties that are always listened to and others that are not is not current, all are listened to, there is an agreement not to look at some data, where previously there was an agreement only to collect some data.
In addition, the targets you mentioned included intangibles ("plutonium") but not network attributes like link relationships, and not frequency based intangibles, like the data on words that get used abnormally frequently and when that has changed over the whole graph in order to target the behavior of one node (presumably the classical "target"). There are transforms that allow this to go on without anyone hearing the content of even one sentence, but shouldn't someone discuss whether or not your privacy extends from what you say to how you say it? The current standard seems to be that it isn't private until someone legislates that it is.
Who is the target when data is collected on how many calls are being placed to Kabul in the last 24 hours? It is evidence of the sort that might be used to go to court and get warrants against the callers (albeit with other intangible statistics to bolster a case) when no specific caller has necessarily made any criminal contact with anyone -- e.g. 2 years later someone says "Oh,gee, maybe all these people were calling because it was Eidt, maybe the software pegged a false positive 'code word'".
The IRAHS system does all the above types of analysis (and many others), and requires a "picture of the network" view to pinpoint and suggest likely targets. What are all the people who are essentially being surveilled called before they take up a target? And shouldn't a court look at whether or not that data gets collected?
I'm not really disagreeing with anything you or Glenn are saying about terms of art, but I am seriously doubtful that the patchwork of law based on wires can protect us from abuse much longer -- although hopefully until we get a favorable government for fixing it properly. I would like to see new types of warrants for all the new types of data gathering, and probably inspections to make sure minimization procedures are really being followed. It may be much easier for a terrorist to hide in today's electronic system, but it is also much easier for a government surveillance abuser to hide, too.