Wireless Taps lead those actually reported by US Courts

Public disclosures regarding the otherwise secret wiretaps under the Foreign Intelligence Surveillance Act have been the focus of news reports, criminal investigations, and international intrigue in recent weeks. But the Administrative Office of the US Courts annually report the other wiretaps ordered by the federal and state  judiciary.

According to the report, “in calendar year 2012, a total of 3,395 orders authorizing the interception of wire, oral, or electronic communications, or wiretaps, were approved by state and federal judges,” according to the report. Only three percent of the wiretaps involved wires.

For the 2012 reporting period, January 1, 2012 to December 31, 2012, 97 percent of all wiretaps were authorized for “portable devices,” a category that includes cellular telephones and digital pagers. In addition, 87 percent of all 2012 applications for intercepts cited illegal drugs as the most serious offense under investigation.  As of December 31, 2012, a total of 3,743 persons had been arrested and 455 persons had been convicted as a result of interceptions reported as terminated.

The Administrative Office of the Courts points out that it is not authorized – or permitted – to include FISA-approved wiretaps. Equally importantly, the report also reminds the public that non-content data does not need a warrant. Instead pen register data about the nature of the call and the connection to the call requires a much lower legal standard to collect the data. It merely needs to be relevant to the investigation.

A Pen Register records telephone numbers called from a particular phone. The Register also records the date, time, and length of calls. Note that this is information that is already gathered for billing purposes by a communications service provider.

A Trap and Trace Order records the telephone numbers of telephones that are used to place calls to a particular phone. (i.e. Makes a log of incoming phone numbers.) Note that information of this sort is not gathered in the ordinary course of business. – Berkman Center

There is no security reason that these orders are not surveyed. In addition, the report points out that no report from a court to the Administrative Office  is necessary if “an order is issued with the consent of one of the principal parties to the communication.”

The use of wiretaps and the proportion of wiretaps in drug investigations to the exclusion of most other crimes should also raise some provocative public policy questions. Regardless of whether the information  being collected should remain private, there is no question that the information about the process and scope of these investigations should be incorporated into public policy development.

Blame Congress’ Patriot Act not the NSA or FBI

Prism-1When self-proclaimed whistle blower, Edward Snowden disclosed a PowerPoint presentation allegedly detailing the Prism computer system[1] at the heart of foreign data collection program, he set off a firestorm of debate over the role of  clandestine electronic surveillance on individuals outside the United States and the U.S. residents who communicate with them.

In the week that has followed, some clarity has emerged. First, the Prism system is not a code name for a clandestine operation, but the name of the computer system used to collect and store the data. According to the Director of National Intelligence, that computer system operates under Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a).

Section 702 provides that “the Attorney General and the Director of National Intelligence may authorize jointly, for a period of up to 1 year from the effective date of the authorization, the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information.” The reasonable belief focuses on the location of the target, not the threat posed by the target. Most of the other limitations emphasize that this should not be used if the purpose is to target someone inside the U.S.

Nowhere in Section 702 is there a requirement that the information is relevant to an investigation at some level – “specific articulable facts giving reason to believe,” or “reasonable suspicion.” Probable cause is likely not within the realm of possibility. The law allows and even encourages broad, general sweeping of data, which can then be analyzed for patterns and anomalies.

The Section 702 directives are the subject of quasi-judicial review. The FISA Court is comprised of 11 federal judges assigned this additional duty by the Chief Justice of the Supreme Court. This internally appointed judicial panel has operated since 1979. In that time, according to the Wall Street Journal, it has rejected 11 applications for various surveillance requests. During that time, the number of approved surveillance requests has been in excess of 33,900 or an approval rate of  99.97 percent. Without knowing anything more, it is inconceivable that any review process with over 99 percent approvals can constitute a meaningful review.

Harvard Law Professor and former U.S. District Judge Nancy Gertner highlighted the structural problem of the FISA Court.

It’s an anointment process. It’s not a selection process. But you know, it’s not boat rockers. So you have a [federal] bench which is way more conservative than before. This is a subset of that. And it’s a subset of that who are operating under privacy, confidentiality, and national security. To suggest that there is meaningful review it seems to me is an illusion.

The problem, therefore, is not a secret or rogue NSA plot but instead a widely supported provision of the Patriot Act designed to be used precisely as the NSA has been doing. It has executive, legislative and judicial support. But because it is operated by a close-knit association, the separation of powers has proven irrelevant as a limitation on its operation.

Moreover, the Patriot Act has other sections equally potent at eavesdropping on private information. As summarized by the ACLU, FISA Section 215 “allows the FBI to order any person or entity to turn over ‘any tangible things,’ so long as the FBI ‘specif[ies]’ that the order is ‘for an authorized investigation . . . to protect against international terrorism or clandestine intelligence activities.’” Section 215 (50 U.S.C. 1801 et seq.)

A secret NSA phone wiretapping order was also released last week highlighting the scope of metadata collection within the U.S. under Section 215.

This FISA Court Order targeting Verizon, required Verizon on an “ongoing, daily basis” to give the NSA information on all telephone metadata in its systems. Since the Section 702 orders deal with foreign data, this Section 215 court order excluded “telephony metadata for communications wholly originating and terminating in foreign countries.” The court order explains the scope of the request:

Telephony metadata includes comprehensive communications routing information, including but not limited to session identifying information (e.g., originating and terminating telephone number, International Mobile Subscriber Identity (IMSI) number, International Mobile station Equipment Identity (IMEI) number, etc.), trunk identifier, telephone calling card numbers, and time and duration of call. Telephony metadata does not include the substantive content of any communication, as defined by 18 U.S.C. [Sec.] 2510(8), or the name, address, or financial information of a subscriber or customer.

Essentially this means that all of us with Verizon phones can be tracked anywhere in the U.S., our interaction with any other parties triangulated, our First Amendment rights of Association violated, and our notion of privacy eliminated. Non-Verizon subscribers likely are subject to identical orders. There is no reason to doubt that these orders are not routinely issued to track all phone and cell phone movement data.

Mary DeRosa summarizes the changes to Section 215 which led to the Verizon court order.

Previously, FISA required the FBI to present the [FISA Court] “specific articulable facts giving reason to believe” that the subject of an investigation was a “foreign power or the agent of a foreign power.” After section 215, the government is required only to assert that the records or things are sought for a foreign intelligence investigation or to protect against international terrorism or clandestine intelligence activities, although the investigation of a United States person may not be “solely upon the basis of activities protected by the first amendment to the Constitution.” There is no requirement for an evidentiary or factual showing and the judge has little discretion in reviewing an application. If the judge finds that “the application meets the requirements” of the section, he or she must issue an order as requested “or as modified.”

Neither the NSA nor the FBI are doing anything other than that approved by Congress. Indeed, were these departments found not to be using the authority granted by Congress, there would be outrage on Capitol Hill. Instead it is the law that has vastly over-extended the government’s reach into the movements and activities of the public, both domestic and foreign.

Moreover, the sweep of the law is growing broader by the day as more and more devices and technologies use remote communications to share information. While it might require a warrant to track a vehicle, the Internet enabled Pandora music player, the self-adjusting oil change settings, and the many other connected technologies are not subject to that warrant requirement. The movement of such cars will be routinely swept into the FBI’s database as part of the Section 215 orders.

The FTC has initiated a review of the ever-growing “Internet of Things,” which is to mean the “growing connectivity of consumer devices, such as cars, appliances, and medical devices.” Combine the power of the FBI and NSA to order metadata and tracking information on all digital data with the interconnectivity of medical devices, RFID-tagged products, installed devices on vehicles, and smart phone apps, a digital map emerges. Like ants in an ant-farm, every person’s digital trail will be on display before the government. Increasingly sophisticated data analytics will eventually enable the path of each individual ant to be highlighted and sorted from among the swarm.

The growing connectivity that has extended the Patriot Act’s reach into more and more aspects of our daily lives require that we revise the laws to reign in the power of government and create a meaningful, statutory right of privacy. These revelations add attention to the problem and highlight the lack of transparency over this tracking. Congress is not shocked at these revelations because they voted to create the programs and have been repeatedly brief on their use. It is the people who have been left in the dark. Given the growth of the programs and the power of the technology they employ, it is time for a more thoughtful, balanced statutory approach.

[1] Reddit.com provided the link to the 2002 New York Times article first describing what is now the Prism computer system. See http://www.reddit.com/r/technology/comments/1g3zqz/the_roots_of_prism_a_new_york_times_article_from/.

DNA Collection on Warrantless Arrests

DNA Collection on Warrantless Arrests: After Maryland v. King the U.S. Deserves neither Liberty nor Safety

Guest blog by Lindsey L. Jaeger, J.D., S.S.B.B.

Is the collection of DNA the same as collecting fingerprints and photographs, a legitimate police booking procedure under the Fourth Amendment? It is now. Yesterday, in a 5:4 decision the Supreme Court held that it is constitutional to collect DNA when officers make routine warrantless arrests supported by probable cause to hold the suspects for a serious offense.

Of course, we all want to live in a safer society. There is no doubt that DNA “may significantly improve the criminal justice system and police investigative practices…” District Attorney’s Office for Third Judicial Dist. v. Osborne, 557 U.S. 52, 55.

The Fourth Amendment provides that “[t]he right of the people to be secure in their persons…against unreasonable searches and seizures, shall not be violated.” The question is whether it is reasonable to make these intrusions. The Court seems satisfied that the Maryland DNA Collection Act meets this standard, because it takes the decision to collect DNA out of the hands of a magistrate or officer and instead requires all arrestees charged with serious crimes to be swabbed, and because the Act serves a number of legitimate governmental interests.

However, the Dissent penned by Justice Scalia, focuses on the unconstitutionality of suspicionless searches for the purpose of investigating crimes.  Justice Scalia provided a synopsis of the papers of the Founding Fathers and case history to support his point that “[n]o matter the degree of invasiveness, suspicionless searches are never allowed if their principal end is ordinary crime-solving.” See slip opinion page 36-37. “The Court’s assertion that DNA is being taken, not to solve crimes, but to identify those in the State’s custody, taxes the credibility of the credulous.” Id.at page 33.

All fifty states permit the collection of DNA from felony convicts.  Now, DNA samples are permitted to be taken after an arrest without a warrant. Obviously, an arrest does not equate to a conviction.

The Dissent doesn’t delve too deep into the invasion of privacy that a DNA test represents. Is there anything more personal than our DNA? The Electronic Frontier Foundation wrote in its amicus curiae in support of King:

Our DNA contains our entire genetic makeup – our most private information about who we are, where we come from and who we will be. DNA can be used to identify us in the narrow and proper sense of that word – “who is that?” – but it also tells the world who we are related to, what we look like, and how likely we are to get specific diseases.

Fortunately for Marylanders, the Act requires either consent or arraignment of the arrested individual before DNA can be processed or placed into a database. On its face, the Act also has a few other privacy saving graces, including a requirement that DNA samples be destroyed if there isn’t a conviction, or if the conviction is reversed or vacated and no new trial is permitted, or if the individual is granted an unconditional pardon. And fortunately for the rest of us, the Court’s holding limited the decoding of the DNA samples to identification purposes and any information collected about genetic traits are to be disregarded if discovered.

But do we trust that this is the main purpose of the Act?  Justice Scalia showed that “the entire point of [checking the DNA sample against the FBI’s] DNA database is to check crime scene evidence against the profiles of arrestees and convicts as they come in.”  After all, King was arrested in 2009 for “menacing a group of people with a shotgun”, but convicted of a rape that occurred in 2003 after his DNA matched the crime scene evidence from the John Doe aggressor. If King’s DNA was, in fact, to be used to protect the staff and the other detainees, then they would have rushed to identify King with his DNA as soon as possible, but as the Dissent points out under Maryland law, DNA cannot be processed until arraignment, which in King’s case was three days after his arrest.

So, how do you unring a bell? Can the government be trusted to destroy valuable information when it has significant interests in using it against the individual or in the aggregate against us all? We did just recently enact the Affordable Care Act. Do we have such a short memory that we don’t recall that free populaces once elected known supporters of eugenics? After Maryland v. King, we are just upstream of a “Gattaca”.

Benjamin Franklin once said, “Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.” The pendulum hasn’t just swung; it has swung off its axis.