Download - NSA Mass Spying and the Law
Rocket Matter Webinar June 26, 2014
NSA Spying
(Some of) What we know so far (Some of) the law
(Some of) What is EFF doing (Some of) What you can do
Cindy Cohn, Legal Director, EFF
Rocket Matter Webinar June 26, 2014
Public Disclosure • In 2005, NYT revealed PSP, focus on
content collection
• In 2006, USA Today revealed call-detail records program
• 2006 Mark Klein reveals access to fiberoptic cables (“upstream”)
Rocket Matter Webinar June 26, 2014
New info via Snowden (US collection)
• Confirms call records collection (June 5, 2013)
• Confirms fiberoptic collection (June 6, 2013)
• “Prism” – company collection (June 6, 2013)
• MUCH, MUCH MORE
Rocket Matter Webinar June 26, 2014
Not Snowden: Hemisphere (NYT Sept. 1 2013)
• Domestic law enforcement • AT&T embeds into DEA • Records back to 1987 • “Parallel Construction”
Rocket Matter Webinar June 26, 2014
Phone Records Collection • “all call detail records or ‘telephony metadata’
created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls.”
• Originating and terminating phone nos., IMSI #, IMEI #, trunk identifier, telephone calling card numbers, and time and duration of call
• Renewed every 90 days, kept 5 years
Rocket Matter Webinar June 26, 2014
Section 215 of Patriot Act • Section 215 amended FISA to allow
orders to produce “tangible things” • Must be “relevant to an authorized
investigation (other than a threat assessment)”
• No broader than a Grand Jury Subpoena
Rocket Matter Webinar June 26, 2014
Gov’t Attempts to Explain • Need a big haystack to go back in time
and “connect the dots” • No identity
– NSA may have access to phone books • No location information
– “under this program” - Wyden • 300 selectors + 3 hops
– ACLU says 2.4 million/govt 64,000 per selector (now 2 hops)
Rocket Matter Webinar June 26, 2014
Why Metadata Matters • You rang a phone sex service at 2:24 am and
spoke for 18 minutes.. • You called the suicide prevention hotline from
the Golden Gate Bridge. • You spoke with an HIV testing service, then
your doctor, then your health insurance company in the same hour.
• Felten declaration in ACLU v. Clapper
Rocket Matter Webinar June 26, 2014
Phone Records Cases • Klayman v. Obama (DC Circuit) • ACLU v. Clapper (2nd Circuit) • Smith v. Obama (9th Circuit) • EFF:
– First Unitarian Church of Los Angeles v. NSA
– Jewel v. NSA (since 2008!)
Rocket Matter Webinar June 26, 2014
Fiber-Optic Splitters • The “splitter cabinet” splits the light
signals in two, making two identical copies of the data carried on the light signal – One copy goes to the NSA
• Mark Klein & Room 641A
Rocket Matter Webinar June 26, 2014
Rocket Matter Webinar June 26, 2014
FISA Amendment Act • Section 702 was passed in 2008, and
the government relies on this for the collection of content.
• Targeting and Minimization docs – Aimed foreign targets – Encrypted information kept forever – Can “Tip” the FBI on criminal (and maybe
IRS, DEA and others)
Rocket Matter Webinar June 26, 2014
Fourth Amendment • Response to General Warrants/Writs of
Assistance • First question: is it a search or seizure
– Govt says no if metadata – Smith case • If Search then
– Probable cause (person or group) – Particularity
Rocket Matter Webinar June 26, 2014
"the child independence was then and there born,[for] every man of an immense crowded audience appeared to me to go away as I did, ready to take arms against writs of assistance." - John Adams
Rocket Matter Webinar June 26, 2014
First Amendment • Right of Association
– NAACP v. Alabama – Prop 8 case
• If likely chilling effect – Then must show “least restrictive means”
and “narrow tailoring” • Govt says doesn’t apply if not aimed at
associations
Rocket Matter Webinar June 26, 2014
Turning upside down • Collect everything first and analyze
– Phone records – Prism/Upstream
• Sort out what you actually need second – 215: RAS: reasonable articulable suspicion – 702: 51% sure is foreign
• As long as “target” is foreign, OK to analyze data that includes Americans and innocent foreigners
Rocket Matter Webinar June 26, 2014
Word Games • Collect • DNI McConnell: “We may not know that
it is in the database until we have some reason to go query that portion of the database”
• Data ≠ “Metadata • Conversations/Communications • Targeting • No. Not Wittingly
Rocket Matter Webinar June 26, 2014
Sabotage – Bullrun 5 Sept 2013
• “Insert vulnerabilities into commercial encryption systems, IT systems, networks and endpoint communications devicees used by targets”
• "actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs"
• “Shape the worldwide commercial cryptography marketplace to make it more tractable to advanced cryptoanalytic capabilities being developed by NSA/CSS
• "These design changes make the systems in question exploitable through Sigint collection … with foreknowledge of the modification. To the consumer and other adversaries, however, the systems' security remains intact.”
• “influence policies, standards and specifications for commercial public key technologies”
Rocket Matter Webinar June 26, 2014
What is EFF doing? • Litigation
– Jewel v. NSA (filed in 2008) – First Unitarian v. NSA (filed last month) – EFF v. DOJ (FOIA cases, 215 and FISC) – Support for criminal cases
Rocket Matter Webinar June 26, 2014
Legislation and Activism • Built multi-partisan coalition
– Delivered over half-million signatures to Congress in October
– Interpret for public • Commenting on drafts
• Feinstein/Rogers • USA Freedom
Rocket Matter Webinar June 26, 2014
International • 13 Principles (necessaryandproportionate.net)
– Around 300 organizations worldwide – UN Special Rapporteurs – Now picked up by Germany/Brazil
governments • Legal processes
– ECHR complaint – OAS hearing
Rocket Matter Webinar June 26, 2014
Technology
• Still to be done: Ease of use – End to end in phones, text message, the
web, email instant messaging, social networking, disk drives, flash memory, “data at rest”
• Shore up crypto tools against sabotage
Rocket Matter Webinar June 26, 2014
You • Pay attention, Activate, Share, Vote
– Activism is an open source project • Use the tools • Help with the technology projects • If you don’t want to live in a surveillance
state, stop building the tools of it