The US routinely shares private information about its citizens of Arab and Palestinian descent with Israel, the New York Times revealed yesterday.
In an Op-Ed in the newspaper, James Bamford said that the former National Security Agency (NSA) contractor Edward Snowden told him that the US “routinely passed private, unedited communications to Israel”.
Documents leaked by Snowden reveal that the US passes on “unevaluated and unminimised transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadata and content,” to Unit 8200, an elite Israeli intelligence department.
He said the intercepts included communications of Arab and Palestinian-Americans, whose relatives in Israel and the Palestinian territories could become targets based on the information.
Whistleblower Snowden said this is ”one of the biggest abuses we’ve seen”, Bamford reported.
Bamford cited a memorandum of understanding between the NSA and Unit 8200 outlining transfers that have occurred since 2009.
Snowden, a former NSA contractor, is wanted by the US on espionage charges after leaking thousands of secret NSA documents.
He claimed asylum in Russia, where he has been granted a three-year residency that allows him to travel abroad.
Global Information Society Watch | September 2014
Years before Edward Snowden leaked his first document, human rights lawyers and activists have been concerned about a dramatic expansion in law enforcement and foreign intelligence agencies’ efforts to spy on the digital world. It had become evident that legal protections had not kept pace with technological – that the state’s practical ability to spy on the world had developed in a way that permitted it to bypass the functional limits that have historically checked its ability to spy. These concerns culminated in the International Principles on the Application of Human Rights to Communications Surveillance, a set of principles intended to guide policymakers, activists and judges to better understand how new surveillance technologies have been eating away at our fundamental freedoms and how we might bring state spying back in line with human rights standards.
Over a year and a half in the making, the final version of the Principles appeared on July 20, 2013, the first weeks of what we might call the Snowden era. An updated version was issued in May 2014. The Snowden revelations, once they started rolling in, affirmed the worst of our concerns. Intelligence services as well as law enforcement had taken it upon themselves to spy on us all, with little consideration for the societal effects. Lawmakers and even the executive had little comprehension of the capabilities of their own spymasters, and how our digital networks were being turned against all individuals everywhere. The need for the Principles was confirmed in spades, but the long and difficult job of applying them to existing practices was just beginning.
Since then, the Principles have, we hope, been a lodestar for those seeking solutions to the stark reality exposed by Snowden: that, slipping through the cracks of technological developments and outdated legal protections, our governments have adopted practices of mass surveillance that render many of our most fundamental rights effectively meaningless. The Principles have been signed by over 470 organizations and individual experts, by over 350,000 individuals throughout the world, and endorsed by the United Kingdom’s Liberal Democratic Conference, as well as European, Canadian, and German parliamentarians.The Principles have played a central guiding role in a number of the rigorous debates on the need to limit states’ increasingly expansive surveillance capacities. Their impact is already evident in, for example, the United States’ President Review Group on Intelligence and Communications Technologies report, the Inter-American Commission on Human Rights report and the the United Nations High Commissioner for Human Rights’ recent report on the right to privacy in the digital age. Their influence has also manifested in some of the administrative, legislative and administrative attempts to address surveillance problems post-Snowden. Perhaps most importantly, they have functioned as a rallying point for campaigning and advocacy initiatives around the world.
Below, we spell out some of the key features of the Principles. A more detailed explanation of the legal grounding for our conclusions in human rights jurisprudence can be found in a Legal Analysis and Background Materials document generated in support of the Principles.
Core Definitions in International Human Rights Law
The Principles begin with defining two core concepts that spell out the “what” and the “how” of measured surveillance. The first concept focuses on the type of data to be protected, while the second one ensures that a broad range of surveillance activity constitutes an interference with privacy rights. Outdated definitions of these two terms have led to expansive surveillance practices, as wide swaths of sensitive data or surveillance activities have been deemed outside the scope of legal protections. These definitional changes are designed to re-focus privacy protections away from artificial examinations of the kind of data or method of interference, and back on the ultimate effect on the privacy of the individual.
The Principles make clear that it’s time to move beyond the fallacy that information about communications does not pose as serious a threat to privacy as the content of communications. Information about communications, also called metadata, subscriber information or non-content data, can include the location of your cell phone, clickstream data, search logs, or anonymous online activity. Individually, these can be just as invasive as reading your email or listening to your phone calls. When combined and analyzed en masse, the picture painted by such data points can be far more revealing than the content of the communications they accompany. In spite of this reality, pre-Internet age (in fact, postal service-based!) legal conceptions have persisted in some legal systems, offering less or, in some instances, no protection at all to information that is not classified as ‘content’. What is important is not the kind of data is collected, but its effect on the privacy of the individual.
As explained in Legal Analysis and Background Materials which have been prepared for the Principles:
“The Principles use the term “protected information” to refer to information (including data) that ought to be fully and robustly protected, even if the information is not currently protected by law, is only partially protected by law, or is accorded lower levels of protection. The intention, however, is not to make a new category that itself will grow stale over time, but rather to ensure that the focus is and remains the capability of the information, alone or when combined with other information, to reveal private facts about a person or her correspondents. As such, the Principles adopt a singular and all-encompassing definition that includes any information relating to a person’s communications that is not readily available to the general public.”
This concern has been addressed by the latest report of the Office of the High Commissioner for Human Rights, who made clear that:
“From the perspective of the right to privacy, this distinction between [content and metadata] is not persuasive. The aggregation of information commonly referred to as “metadata” may give an insight into an individual’s behaviour, social relationships, private preferences and identity that go beyond even that conveyed by accessing the content of a private communication.”
Given the revealing nature of metadata and content alike, states should be restrained from unchecked interference with any protected information: from revealing a speaker’s identity if it is not public; from wantonly vacuuming up the websites or social media one has visited; from stockpiling information on all the people one has communicated with; and tracking the ‘when’, ‘from where’, and ‘for how long’ of all our digital activities. In the pre-Internet age, the much more limited amount and kind of “metadata” available to law enforcement was treated as less sensitive than content, but given current communications surveillance capabilities, this can no longer be the case.
Communication Surveillance: Much of the expansive state surveillance practices confirmed during the past year depend on confusion over whether actual “surveillance” has occurred and thus whether human rights obligations even apply. Some have suggested that if information is merely collected and kept but not looked at by humans, no privacy invasion has occurred. Others argue that computers analysing all communications in real-time for key words and other selectors does not amount to “surveillance” for purposes of triggering legal privacy protections. Still others seek to reduce privacy protections to ‘harmful uses’ of information. Such legal variations can mean the difference between reasonable and carefully targeted investigations and a surveillance state built on the continuous mass surveillance of everyone.
In the digital age, where the most sensitive portions of our lives are constantly communicated over digital networks, it has never been more important to ensure the integrity of our communications. It means little whether the interference takes the form of real-time monitoring of Internet transmission, hacking into individuals’ mobile devices, or mass harvesting of stored data from third party providers. The mere recording of Internet transactions – even if ultimately unviewed – can have serious chilling effects on the use of our most vital interactive medium. We have to ensure that all acts of communications surveillance are within the scope of human rights protections and, hence, are “necessary and proportionate”.
On this front, the Office of the High Commissioner for Human Rights (OHCHR) report, made clear that:
“any capture of communications data is potentially an interference with privacy and, further, that the collection and retention of communications data amounts to an interference with privacy whether or not those data are subsequently consulted or used. Even the mere possibility of communications information being captured creates an interference with privacy, with a potential chilling effect on rights, including those to free expression and association.”
To remedy this issue, the Principles define “communications surveillance” as encompassing the monitoring, interception, collection, analysis, use, preservation and retention of, interference with, or access to information that includes, reflects, or arises from or a person’s communications in the past, present or future.
Scope of Application
The Principles also address a long-standing problem arising from narrow interpretations adopted by some states regarding the extraterritorial application of their human rights obligations. Some have argued that the obligation to respect privacy and other human rights of individuals effectively stops at their national borders. In a world of highly integrated digital networks, where individual interactions and data routes defy any semblance of territorial correspondence, such distinctions are meaningless. The Principles therefore apply to surveillance conducted within a state or extraterritorially, and regardless of the purpose for the surveillance – including enforcing law, protecting national security, gathering intelligence, or another governmental function.
The OHCHR’s report explicitly underscores the principle of non-discrimination:
“Article 26 of the International Covenant on Civil and Political Rights provides that all persons are equal before the law and are entitled without any discrimination to the equal protection of the law” and, further, that “in this respect, the law shall prohibit any discrimination and guarantee to all persons equal and effective protection against discrimination on any ground such as race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status.”
In this regard, the OHCHR’s report has underscored its importance:
“measures to ensure that any interference with the right to privacy complies with the principles of legality, proportionality and necessity regardless of the nationality or location of individuals whose communications are under direct surveillance.”
The 13 Principles
The substantive Principles are firmly rooted in well-established human rights law. Generally, any limits on human rights should be necessary, proportionate and for a set of permissible purposes. These limits must be set out in law, and cannot be arbitrary.
Under international human rights law, each right are divided in two parts. The first paragraph sets out the core of the right, while the second paragraph sets out the circumstances in which that right may be restricted or limited. This second paragraph is usually called the “permissible limitations” test.
Regarding the right to privacy, the UN Special Rapporteur on Counter-Terrorism and the UN Special Rapporteur on Freedom of Expression have stated that the “permissible limitations” test under Article 19 of the International Covenant on Civil and Political Rights among other articles are equally applicable to Article 17 of the International Covenant on Civil and Political Right
The OHCHR report has neatly summarized these obligations with respect ot Article 17 of the International Covenant on Civil and Political Rights (ICCPR), which prohibits the arbitrary or unlawful interference with privacy rights
“To begin with, any limitation to privacy rights reflected in article 17 must be provided for by law, and the law must be sufficiently accessible, clear and precise so that an individual may look to the law and ascertain who is authorized to conduct data surveillance and under what circumstances. The limitation must be necessary for reaching a legitimate aim, as well as in proportion to the aim and the least intrusive option available…Any limitation placed on the right (an interference with privacy, for example, for the purposes of protecting national security or the right to life of others) must be shown to have some chance of achieving that goal. The onus is on the authorities seeking to limit the right to show that the limitation is connected to a legitimate aim. Furthermore, any limitation to the right to privacy must not render the essence of the right meaningless and must be consistent with other human rights, including the prohibition of discrimination. Where the limitation does not meet these criteria, the limitation would be unlawful and/or the interference with the right to privacy would be arbitrary.”
Legality – No Secret Laws: The principle of legality is a fundamental aspect of all international human rights instruments and the rule of law. It is a basic guarantee against the state’s arbitrary exercise of its powers. For this reason, any restriction on human rights must be prescribed by law. The meaning of “law” implies certain minimum qualitative requirements of clarity, accessibility, and predictability. Laws limiting human rights cannot be secret or vague enough to permit arbitrary interference.
On that front, the Office of the High Commissioner on Human Rights made clear that:
“To begin with, any limitation to privacy rights reflected in article 17 must be provided for by law, and the law must be sufficiently accessible, clear and precise so that an individual may look to the law and ascertain who is authorized to conduct data surveillance and under what circumstances.”
The need to meaningfully and publicly explain rights-infringing practices—while important in all contexts—is key to any effective check on communications surveillance as such practices tend to be surreptitious and difficult to uncover. Given the highly technical and rapidly evolving nature of communications surveillance, it is also incumbent that laws are interpreted publicly and not through secret processes effectively free from public scrutiny. The state must not adopt or implement a surveillance practice without public law defining its limits. Moreover, the law must meet a standard of clarity and precision that is sufficient to ensure that individuals have advance notice of, and can foresee, its application. When citizens are unaware of a law, its interpretation, or the scope of its application, it is effectively secret. A secret law is not a legal limit on human rights.
In her landmark report Pillay made clear that:
“Secret rules and secret interpretations even secret judicial interpretations of law do not have the necessary qualities of “law”. Neither do laws or rules that give the executive authorities, such as security and intelligence services, excessive discretion; the scope and manner of exercise of authoritative discretion granted must be indicated (in the law itself, or in binding, published guidelines) with reasonable clarity. A law that is accessible, but that does not have foreseeable effects, will not be adequate. The secret nature of specific surveillance powers brings with it a greater risk of arbitrary exercise of discretion which, in turn, demands greater precision in the rule governing the exercise of discretion, and additional oversight.”
Laws should only permit communications surveillance by specified State authorities to achieve a Legitimate Aim that corresponds to a predominantly important legal interest that is necessary in a democratic society.
Under international human rights law, any restriction on our fundamental freedoms must generally pursue a permissible purpose or “legitimate aim.” These purposes or aims are often enumerated within the Article itself. The Principles therefore require that communications surveillance only be undertaken in pursuit of a predominantly important legal interest. Such interests have been described by Germany’s highest court as “the life, limb and freedom of the individual or such interests of the public a threat to which affects the basis or continued existence of the state or the basis of human existence.”
Regarding the right to privacy, the UN Special Rapporteur on Counter-Terrorism and the UN Special Rapporteur on Freedom of Expression have stated that the “permissible limitations” test under Article 19 of the International Covenant on Civil and Political Rights among other articles are equally applicable to Article 17 of the International Covenant on Civil and Political Rights, which prohibits arbitrary interference with the right to privacy.
The Office of the High Commissioner on Human Rights has similarly affirmed, in its 2014 Report, that “any limitation to privacy rights reflected in article 17 must be necessary for reaching a legitimate aim”. The Report elaborates:
“Surveillance on the grounds of national security or for the prevention of terrorism or other crime may be a “legitimate aim” for purposes of an assessment from the viewpoint of article 17 of the Covenant. The degree of interference must, however, be assessed against the necessity of the measure to achieve that aim and the actual benefit it yields towards such a purpose.”
Finally, communications surveillance cannot be employed in a manner that discriminates on the basis of grounds such as race, colour, sex, language religion or national origin, as such discrimination constitutes an illegitimate purpose.
Necessity, Adequacy and Proportionality
International human rights law makes clear that any interference with our fundamental freedoms must be “necessary in a democratic society”. In its General Comments No. 27, the Human Rights Committee clearly indicates that it is not sufficient that such restrictions serve a legitimate aim, they must also be necessary to it. Restrictive measures must also be adequate or appropriate to achieving their protective function. They must also be the least intrusive options amongst those which might be expected to achieve the desired result, and they must be proportionate to the interest to be protected. Finally, any restrictive measure which undermines the essence or core of a right is inherently disproportionate and a violation of that right.
Applying these foundational principles to the context of communications surveillance, the Principles affirm that:
Necessity: Often, a surveillance objective might be achieved using far less intrusive mechanisms. While it is by no means necessary to exhaust other options, it should be recognized the communications surveillance is inherently invasive and should not be a tool of first recourse.
Adequacy: It is not sufficient to show that a given surveillance practice is necessary for achieving a given objective, it must also be adequate and appropriate to it. As noted by the High Commissioner, at minimum, communications surveillance which interferes with privacy “must be shown to have some chance of achieving [its] goal.”
Proportionality: Communications surveillance should be regarded as a highly intrusive act that interferes with human rights and poses a threat to the foundations of a democratic society. Communications surveillance for investigative purposes, in particular, should only occur once the state has convinced an objective third party – a judge – that a serious threat to a legitimate interest exists and that the communications mechanism in question will yield information that will assist with that serious threat.
No voluntary cooperation:
Current digital networks and interactions entrust vast amounts of personal and sensitive data in the hands of a wide range of third party intermediaries, including ISPs, email providers, hosting companies and others. Through their discretionary decisions to comply (or not) with state surveillance requests, these intermediaries can dramatically impact on the privacy rights of all. Such voluntary sharing bypasses due process and poses a serious threat to the rule of law. The Necessary and Proportionate principles therefore prohibit any state communications surveillance activities in the absence of judicial authorization.
Contrary to many official statements, the modern reality is that state intelligence agencies are involved in a much broader scope of activities than simply those related to national security or counterterrorism. The Necessary and Proportionate Principles state that communications surveillance (including the collection of information or any interference with access to our data) must be proportionate to the objective they are intended to address. And equally importantly, even where surveillance is justified by one agency for one purpose, the Principles prohibit the unrestricted reuse of this information by other agencies for other purposes.
The Office of the High Commissioner for Human Rights report also emphasized that point:
“The report explained that the absence of effective use limitations has been exacerbated since September 11, 2001, with the line between criminal justice and protection of national security blurring significantly. The resultant sharing of data between law enforcement agencies, intelligence bodies and other State organs risks violating Article 17 of the Covenant on Civil and Political Rights, because surveillance measures that may be necessary and proportionate for one legitimate aim may not be so for the purposes of another.”
Integrity of Communications And Systems:
No law should impose security holes in our technology in order to facilitate surveillance. Undermining the security of hundreds of millions of innocent people in order to ensure surveillance capabilities against the very few bad guys is both overbroad and short-sighted, not least because malicious actors can use these exploits as readily as state agents. The assumption underlying such provisions—that no communication can be truly secure—is inherently dangerous, akin to throwing out the baby with the bathwater. It must be rejected.
The Office of the High Commissioner for Human Rights report supports that conclusion, stating that:
“The enactment of statutory requirements for companies to make their networks “wiretap-ready” is a particular concern, not least because it creates an environment that facilitates sweeping surveillance measures.”
Notification And Right To An Effective Remedy
Notification must be the norm, not the exception. Individuals should be notified that access to their communications has been authorized with enough time and information to enable them to appeal the decision, except when doing so would endanger the investigation at issue. Individuals should also have access to the materials presented in support of the application for authorisation. The notification principle has become essential in fighting illegal or overreaching surveillance. Any delay in notification has to be based upon a showing to a court, and tied to an actual danger to the investigation at issue or harm to a person.
Before the internet, the police would knock on a suspect’s door, show their warrant, and provide the individual a reason for entering the suspect’s home. The person searched could watch the search occur and see whether the information gathered went beyond the scope of the warrant. Electronic surveillance, however, is much more surreptitious. Data can be intercepted or acquired directly from a third party such as Facebook or Twitter without the individual knowing. Therefore, it is often impossible to know that one has been under surveillance, unless the evidence leads to criminal charges. As a result the innocent are the least likely to discover their privacy has been invaded. Indeed, new technologies have even enabled covert remote searches of personal computers and other devices. Any delay in notification has to be based upon a showing to a court, and tied to an actual danger to the investigation at issue or harm to a person.
The OHCHR report lays out four characteristics that effective remedies for surveillance-related privacy violations must display:
“Effective remedies for violations of privacy through digital surveillance can thus come in a variety of judicial, legislative or administrative forms. Effective remedies typically share certain characteristics. First, those remedies must be known and accessible to anyone with an arguable claim that their rights have been violated. Notice (that either a general surveillance regime or specific surveillance measures are in place) and standing (to challenge such measures) thus become critical issues in determining access to effective remedy. States take different approaches to notification: while some require post facto notification of surveillance targets, once investigations have concluded, many regimes do not provide for notification. Some may also formally require such notification in criminal cases ; however , in practice , this structure appears to be regularly ignored.”
The 2014 OHCHR report continues, stressing the importance of a “prompt, thorough and impartial investigation”; a need for remedies to actually be “capable of ending ongoing violations”; and noting that “where human rights violations rise to the level of gross violations…as criminal prosecution will be required”.
Safeguards for International Cooperation:
Privacy protections must be consistent across borders at home and abroad. Governments should not bypass national privacy protections by relying on secretive informal data sharing agreements with foreign states or private international companies. Individuals should not be denied privacy rights simply because they live in another country from the one that is surveilling them. Where data is flowing across borders, the law of the jurisdiction with the greatest privacy protections should apply.
More to Be Done: The Necessary and Proportionate Principles provide a basic framework for governments to ensure the rule of law, oversight and safeguards. They also call for accountability, with penalties for unlawful access and strong and effective protections for whistleblowers. They are starting to serve as a model for reform around the world and we urge governments, companies, NGOs and activists to use them to structure necessary change.
But while the Principles are aimed at governments, government action isn’t the only way to combat surveillance overreach. All of the communications companies, Internet and telecommunications alike, can help by securing their networks and limiting the information they collect and retain. Online service providers should collect the minimum amount of information for the minimum time that is necessary to perform their operations, and to effectively obfuscate, aggregate and delete unneeded user information. This helps them in their compliance burdens as well: if they collect less data, there is less data to hand over to the government. Strong encryption should be adopted throughout the entire communications chain and, where possible, for data in storage.
It’s clear that under the cloak of secrecy, malfunctioning oversight and the limited reach of outdated laws, the practice of digital surveillance in countries from the far north to the far south, have overrun the bounds of human rights standards. We all hope to see activists around the world showing exactly where a country has crossed the line, and how its own policymakers and the international community might rein it back. We must call for surveillance reform to ensure that our national surveillance laws and practices comply with human rights standards and to ensure cross-border privacy are in place and effectively enforced. Working together, legal plus technical efforts like deploying encryption, decentralization of services and limiting information collected, can serve as a foundation for a new era of private and secure digital communications.
- International Principles on the Application of Human Rights to Communications Surveillance, updated July 2014 https://neccessaryandproportionate.org/text
- EFF, Article19: Legal Analysis and Background Materials: International Principles on the Application of Human Rights to Communications Surveillance, May 2014 https://en.necessaryandproportionate.org/LegalAnalysis
- The Right to Privacy in the Digital Agehttp://www.ohchr.org/EN/Issues/DigitalAge/Pages/DigitalAgeIndex.aspx
- Report of the High Commissioner for Human Rights on the right to privacy in the digital age
- Annual Report of the Inter-American Commission on Human Rights 2013. Annual Report of the Office of the Special Rapporteur for Freedom of Expression http://www.oas.org/en/iachr/expression/docs/reports/2014_04_22_%20IA_2013_ENG%20_FINALweb.pdf
- Human Rights Committee, General Comment 27, Freedom of movement (Art.12), U.N. Doc CCPR/C/21/Rev.1/Add.9 (1999).
- UN Special Rapporteur on the Promotion and Protection of Human Rights and Fundamental Freedoms While Countering Terrorism, A/HRC/13/37
- UN Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression, A/HRC/23/40
IRS Claims Two Years Of Emails Were Destroyed In A ‘Computer Crash;’ Congressman Asks The NSA To Supply ‘Missing’ Email Metadata
The IRS is currently being investigated by Congress for some possibly politically-motivated “attention” it directed towards “Tea Party” and other conservative groups that operated as tax-exempt entities. Along the way, IRS official Lois Lerner, who was the first to publicly disclose the inappropriate targeting, was also one of the first government officials to plead the Fifth (twice) in government hearings.
The Congressional investigation demanded copies of Lois Lerner’s emails from the IRS. Some were turned over to the House Ways and Means Committee, but not everything it sought. Now, the IRS is telling the committee that it’s not going to get everything it asked for.
The IRS has told Congress that it lost more than two years’ worth of emails involving former IRS official Lois Lerner, due to a computer crash.
House Ways and Means Committee Chairman Dave Camp (R-Mich.) on Friday said it was “unacceptable” that he was just learning of this problem now, after a lengthy investigation into Lerner’s involvement in the IRS targeting scandal.
Camp points out that the IRS withheld these emails for over a year before suddenly “discovering” they were unavailable. The IRS says it can find everything Lerner sent to and received from other IRS employees but nothing containing correspondence with those outside the agency.
Obviously, this convenient “computer crash” has generated a lot of skepticism. For one thing, a “computer crash” doesn’t really have the power to destroy electronic communications. Email is almost always stored somewhere else other than the local user’s computer. And even if the IRS meant a “server crash” instead of a “computer crash,” any decent server system contains multiple levels of redundancy.
The Blaze sought input from Norman Cillo, a former Microsoft project manager, who presented six reasons why he believes the IRS is lying about its inability to recover these emails. Number one on the list seems to be the most applicable.
I believe the government uses Microsoft Exchange for their email servers. They have built-in exchange mail database redundancy. So, unless they did not follow Microsoft’s recommendations they are telling a falsehood.
The IRS’s own policies on email state that its employees use both Microsoft Outlook and Exchange, which means it should have some form of backup available.
Secure Messaging enrollment is an automated process for all LAN accounts with an Exchange mailbox in IRS. You can find the instructions for configuring the Outlook client to use the certificates at the Secure Enterprise Messaging Systems (SEMS) web site: http://documentation.sems.enterprise.irs.gov/.
According to Cillo, the only other explanation for the IRS’s inability to recover these emails is that the agency is “totally mismanaged and has the worst IT department ever.” Unfortunately, the government seems to have a lot of mismanaged and terrible IT departments, so this may be closer to the truth than anyone would really like to admit. Perhaps the general ineptitude of large government agencies is behind the Treasury Department’s policy that all email sent to or from IRS employees be “archived” via hard copy printouts.
If you create or receive email messages during the course of your daily work, you are responsible for ensuring that you manage them properly. The Treasury Department’s current email policy requires emails and attachments that meet the definition of a federal record be added to the organization’s files by printing them (including the essential transmission data) and filing them with related paper records. If transmission and receipt data are not printed by the email system, annotate the paper copy.
There’s more information here, citing the IRS’s own internal guidelines on tape backups, etc., that suggest further levels of redundancy, as well as the commissioner of the IRS testifying that the agency stores its emails on servers.
Critics believe the IRS has simply “vanished” the crucial emails in order to cut Lerner adrift and make it appear she acted alone. Any evidence that would tie outside government agencies (including the administration itself) into this situation has been deemed unrecoverable. Supposedly, there should be paper copies of the missing emails, but no one in Congress has requested these and the IRS certainly isn’t offering to look.
But one Congressman thinks he has a solution to the missing email dilemma. Steve Stockman (last seen here threatening to bring a defamation lawsuit against someone who uttered true facts about his criminal past) knows some people who have a whole lot of email data just laying around.
“I have asked NSA Director Rogers to send me all metadata his agency has collected on Lois Lerner’s email accounts for the period which the House sought records,” said Stockman. “The metadata will establish who Lerner contacted and when, which helps investigators determine the extent of illegal activity by the IRS.”
Yeah, let me know how that works out for you, Steve. The NSA can’t even confirm or deny its monthly water usage at its Utah data site, much less that it has metadata pertaining to Americans’ communications.
[Sidebar: I do really love the fact that this sort of thing is becoming increasingly common -- the use of the NSA as the backup-of-last-resort for phone/email/internet communications data. If anyone claims it can't find email X or phone record Y, someone's going to say, "Hey, I'll bet the NSA has a copy!" Hilarious. The NSA will never again be allowed to pretend it doesn't harvest data on American citizens.]
The whole letter, which begins with some light ass-kissing of new NSA director Michael Rogers (“thank you for your 33 years of, and continued service to, our country...”) and closes with a bit of grandstanding, surreally asking “the Agency” to send all relevant metadata on the missing Lerner emails to “Donny@mail.house.gov.” All in all, probably one of the most incongruous demands the NSA has ever received, a letter which conjures up the image of a late-night meeting in an underground parking garage, with sunglassed NSA liaisons handing over a briefcase full of metadata to a 19-year-old intern dressed in his dad’s suit.
It’s pretty hard to shake the impression that this is a coverup. As always, the specter of pure ineptitude lurks in the background, as it often does when large bureaucracies tangle with technology. But until the IRS presents further evidence detailing how exactly these emails went missing, it’s safe to assume there’s been an active effort made to cover up government impropriety.
China’s Foreign Ministry Spokeswoman Hua Chunying
China has dismissed the recent allegation by the US that the Chinese military has been involved in hacking a US security firm, describing Washington’s approach on the issue as unconstructive.
A private US cyber security firm accused a unit of China’s military on Monday of hacking attempts to access information on US satellite and aerospace programs, Xinhua reported.
China’s Foreign Ministry Spokeswoman Hua Chunying rejected the allegation at a press briefing on Tuesday.
“I have noticed the report you mentioned, its wording and style looks familiar, citing the names of the hackers and their claims of their military identity,” she said, responding to a question about US reports alleging Chinese hacking attempts. “Have you ever seen thieves bearing a name tag saying ‘thieves?’” she said.
Washington had issued an indictment against five Chinese military officers on charges of cyber theft earlier on May 19.
The Chinese Foreign Ministry spokeswoman further challenged the integrity of the US allegations against her country, referring to the massive American espionage efforts across the globe as part of its PRISM program under the US National Security Agency (NSA).
The program, which was revealed by former NSA contract employee Edward Snowden in 2013, showed that the US was spying on the phone and email communications of top world leaders, including those of Washington’s allied countries as well as China.
“The US is a hacking empire,” Hua said. “It is not constructive for the US to attack others instead of repenting and correcting its own mistakes.”
The Chinese official further pointed out that cyber attacks are a global challenge – transnational and anonymous in nature – requiring cooperation among all countries to be countered.
The German government has been trying to avoid upsetting either the US by denouncing the large-scale surveillance being carried out by the NSA in its country, or the German people by not denouncing it. It finds itself in the same quandary as regards opening a formal investigation into the spying, which is probably why it has held off for so long. But now, the German authorities have come up with a sort of compromise, as GigaOM reports:
Germany’s federal prosecutor has launched the country’s first formal investigation into the activities of the NSA in Germany, specifically the U.S. intelligence agency’s reported bugging of Chancellor Angela Merkel’s mobile phone.
Harald Range said on Wednesday that the other potential avenue of investigation — that of the surveillance of the German people — remained open, though no investigation was being launched yet due to a lack of evidence.
Leaving aside the question just how much evidence the federal prosecutor needs before he investigates whether the German people have been subjected to US surveillance — a signed confession from President Obama perhaps? — the other issue here is the astonishing lack of sensitivity this move displays. The German government seems to be saying that spying is outrageous and must be investigated immediately if it’s directed against the powerful; but if it’s against the little people, then, well, sorry: we need more evidence before we could possibly risk upsetting the US.
A federal judge who ordered the National Security Agency to retain all records of its secret telephone surveillance related to an ongoing case has reversed the order – just a day after it was issued.
“In order to protect national security programs, I cannot issue a ruling at this time. The Court rescinds the June 5 order,” US District Judge Jeffrey White said from the bench on Friday.
The NSA had been prohibited from destroying any of its records of communications surveillance on Thursday – specifically under the government’s Section 702 program.
Section 702 of the Foreign Intelligence Surveillance Act (FISA) has been used by the NSA to justify widespread collection of phone calls and emails.
White first ordered that the agency retain records in March, to which the NSA responded that it was legally obliged to destroy all documents after a five year period.
White issued the temporary restraining order (TRO) in March to prevent the destruction of evidence. However, on Thursday, EFF filed an emergency motion, stating that in the past week interactions with government lawyers demonstrated that the destruction of records had continued.
Records could form a basis of evidence for two pending lawsuits posing a challenge to the surveillance program. One was filed by AT&T customers and the other by 23 Californian organizations.
The case – Jewel v. NSA the Electronic Frontier Foundation (EFF) sued the NSA and other government agencies on behalf of AT&T customers.
The Friday hearing saw lawyers from the Electronic Frontier Foundation (EFF) going up against lawyers from the Department of Justice.
The case has stagnated in the court system for several years. In 2008, the original complaint was filed against AT&T and the government, which it was alleged, was involved in “illegal and unconstitutional program of dragnet communications surveillance conducted by the National Security Agency and other Defendants in concert with major telecommunications companies.”
Evidence pre-dated Snowden’s revelations in June 2013, and was based on evidence from former San Francisco AT&T technician Mark Klein in 2006.
“I don’t want the preservation effects to get in the way of national security, but I don’t want national security to checkmate our case,” Cindy Cohn, an EFF attorney, told the court, reported arstechnica.
Justice department lawyers sought a stay. They argued that phone records and internet programs were separate. Section 702 allows the government access to emails and Facebook messages. The lawyers said that their compliance would put the program at risk.
Remember When Venezuela and Bolivia Kicked the U.S. DEA Out of Their Countries, Accusing It of Espionage? Looks Like They Were Right…
In their latest article on U.S. government spying for The Intercept, Ryan Devereaux, Glenn Greenwald and Laura Poitras review and publish leaked documents that show that the U.S. government may have used the Drug Enforcement Administration (DEA) to aid the National Security Agency (NSA) to spy on U.S. citizens and non-citizens in foreign countries. The NSA is shown to have assisted the DEA with efforts to capture narcotraffickers, but the leaked documents also refer to “a vibrant two-way information sharing relationship” between the two intelligence agencies, implying that the DEA shares its information with the NSA to aid with non-drug-related spying. This may explain how the NSA has gathered not just metadata but also the full-take audio from “virtually every cell phone conversation on the island nation of the Bahamas.”
The authors write,
The DEA has long been in a unique position to help the NSA gain backdoor access to foreign phone networks. “DEA has close relationships with foreign government counterparts and vetted foreign partners,” the manager of the NSA’s drug-war efforts reported in a 2004 memo. Indeed, with more than 80 international offices, the DEA is one of the most widely deployed U.S. agencies around the globe.
But what many foreign governments fail to realize is that U.S. drug agents don’t confine themselves to simply fighting narcotics traffickers. “DEA is actually one of the biggest spy operations there is,” says Finn Selander, a former DEA special agent who works with the drug-reform advocacy group Law Enforcement Against Prohibition. “Our mandate is not just drugs. We collect intelligence.”
What’s more, Selander adds, the NSA has aided the DEA for years on surveillance operations. “On our reports, there’s drug information and then there’s non-drug information,” he says. “So countries let us in because they don’t view us, really, as a spy organization.”
While the documents accompanying the article reveal detailed information that has never before been available to the public, this is not the first time that the DEA has faced allegations of spying.
In 2005, President Hugo Chávez of Venezuela stopped cooperating with the DEA after accusing it of espionage in his country. At the time, a State Department spokesperson responded by saying, “the accusations that somehow the Drug Enforcement Agency is involved in espionage are baseless. There’s no substance or justification for them.” Using arguments that would change very little over the next nine years, a State Department official said at the time, “I think it’s pretty clear to us that the motivation for this is not the accusation itself or not what they state is the problem. The motivation is an effort to detract from the government’s increasingly deficient record of cooperation.”
Three years later, President Evo Morales expelled the DEA from Bolivia saying, “there were DEA agents who worked to conduct political espionage.” He also said, “we can control ourselves internally. We don’t need any spying from anybody.” The State Department spokesperson said in response, “the charges that have been made are just patently absurd. We reject them categorically”, and the news agency EFE reported that “Washington has repeatedly denied that the DEA has been involved in any activities in Bolivia apart from the war on drugs.”
Few of the press reports from 2005 or 2008 took these accusations seriously, and the State Department dismissed the allegations categorically, but in 2008, CEPR’s co-director Mark Weisbrot wrote that “To the Bolivians, the U.S. is using the “war on drugs” throughout Latin America mainly as an excuse to get boots on the ground, and establish ties with local military and police forces.” To this list, we can now add access to national phone and communication networks, and storage of the content of phone calls.
Mike Rogers’ Plan To ‘Stop’ Bulk Collection Of Phone Records Riddled With Dangerous Loopholes That Will Expand Surveillance
Now that people have had a chance to go through the proposal by Reps. Mike Rogers and Dutch Ruppersberger to “stop” the bulk phone record collection under Section 215 of the Patriot Act, they’re finding more and more things to be concerned about. We had noted some potential easter eggs in there for law enforcement, but the deeper people look, the worse it gets. Trevor Timm notes that the bill is really a trojan horse to expand surveillance capabilities, while pretending to end them.
Curiously, a large majority of the House bill focuses on new ways for the government to collect data from “electronic communications service providers” – also known as the internet companies. Why is a bill that’s supposedly about ending bulk collection of phone-call data focused on more collection of data from internet companies?
From there, we turn to Julian Sanchez, who has given one of the most thorough explanations of what’s actually in the bill, noting that it fails to really end the bulk collection of phone records while also potentially massively expanding other surveillance capabilities.
First, the HPSCI bill’s seemingly broad prohibition on bulk collection turns out to be riddled with ambiguities and potential loopholes. The fuzzy definition of “specific identifiers” leaves the door open to collection that’s extremely broad even if not completely indiscriminate. Because the provision dealing with “call detail records” applies only to §:215 and the provision dealing with “electronic communications records” excludes telephony records, the law does not bar the bulk collection of telephony records under FISA provisions other than §215. The prohibition on non-specific acquisition of other communications “records” probably does not preclude bulk collection under the FISA pen register provision that was previously used for the NSA Internet metadata dragnet. And, of course, none of these prohibitions apply to National Security Letters. If the government wanted to keep collecting metadata in bulk, it would have plenty of ways to do so within the parameters of this statute given a modicum of creative lawyering—at least if the FISC were to continue being as accommodating as it has been in the past.
Second, something like the novel authority created here may well be necessary to enable fast and flexible acquisition of targeted records without dragnet collection. However, once we get down to details—and even leaving aside the question of ex-post versus ex-ante judicial approval—this authority is in some respects broader than either the current §215 telephony program, the president’s proposal, or the pre-Snowden understanding of the FISA business records authority. Critically, it eliminates the required link to a predicated investigation—which, in the case of U.S. persons, must be for counterterror or counterespionage purposes.
In other words, this appears to be a superficial attempt to end bulk collection “under this program,” while at the same time knocking down a bunch of barriers to much broader bulk collection under other authorities, with less oversight and fewer ways to push back against abuse. Did anyone really expect anything different from the NSA’s two biggest defenders in the House?
The Obama years in Washington were supposed to be transparent ones, with increased public access to and awareness of Executive Branch operations. If anything, however, censorship and maintaining government secrets have been more prevalent the longer President Barack Obama has been in office.
“The government’s own figures from 99 federal agencies covering six years show that halfway through its second term, the administration has made few meaningful improvements in the way it releases records,” Ted Bridis and Jack Gillum reported for the Associated Press.
“In category after category—except for reducing numbers of old requests and a slight increase in how often it waived copying fees—the government’s efforts to be more open about its activities last year were their worst since President Barack Obama took office,” they added.
In 2012, the year of Edward Snowden and the National Security Agency (NSA) revelations, the administration cited “national security” as reason to keep hidden information a record 8,496 times.
That was 57% more than during the previous year and more than double during Obama’s first year in office, when it cited that reason 3,658 times.
Even agencies whose mission is not the defense of the nation cited this reason for denying Freedom of Information Act requests. The Farm Service Agency did it six times, the Environmental Protection Agency did it twice and the National Park Service once.
“I’m concerned the growing trend toward relying upon FOIA exemptions to withhold large swaths of government information is hindering the public’s right to know,” Senator Patrick Leahy (D-Vermont), chairman of the Senate Judiciary Committee, told the AP. “It becomes too much of a temptation. If you screw up in government, just mark it ‘top secret.’”
In 2013, a federal judge, Ellen Segal Huvelle, upbraided the Obama administration for trying to keep secret a non-classified policy directive regarding “Global Development.”
Obama has also failed to get federal agencies to update their procedures for handling FOIA requests.
Fifty of 101 agencies still haven’t updated their FOIA regulations to comply with Congress’ 2007 FOIA amendments, and more than half of them (55 of 101) haven’t even complied with changes called for by Obama and Attorney General Eric Holder Jr. to establish a “presumption of disclosure” to encourage the release of more documents, according to the National Security Archive at The George Washington University.
To Learn More:
US Cites Security More to Censor, Deny Records (by Ted Bridis and Jack Gillum, Associated Press)
Half of Federal Agencies Still Use Outdated Freedom of Information Regulations (National Security Archive)
48 Years after Creation of Freedom of Information Act, State Dept., Defense Dept. and VA Get Failing Grades (by Noel Brinkerhoff, AllGov)
Judge Chastises Obama Administration for Using “Secret Law” to Withhold Documents (by Noel Brinkerhoff, AllGov)
New York – The Supreme Court announced yesterday that it would not hear Center for Constitutional Rights v. Obama, a lawsuit challenging the National Security Agency’s warrantless surveillance of people within the United States. The suit sought an injunction ordering the government to destroy any records of surveillance that it still retains from the illegal NSA program. The Center for Constitutional Rights issued the following statement in response to the Court’s decision:
The Supreme Court’s refusal to review this case guarantees that the federal courts will never address a fundamental question: Was the warrantless surveillance program the NSA carried out on President Bush’s orders legal? The Court’s decision also guarantees that the Obama administration, which has for the last five years refused to take any position on that question, will now never have to answer either.
Despite mounting evidence of government spying on attorneys’ privileged communications, the Court yesterday declined to review the lower court’s determination that CCR attorneys’ fears of surveillance under President Bush’s NSA program, which involved no review by judges or Congress and flew directly in the face of express criminal prohibitions, were too “speculative” to allow CCR to challenge the program in court.
The Court’s decision comes as increasing evidence suggests the government has been surveilling attorney-client communications for some time. The New York Times recently reported that in 2013 the NSA surveilled law firm Mayer Brown while it represented the government of Indonesia in trade talks with the United States. In 2008, The Times reported Justice Department officials had confirmed that attorney-client communications in terrorism cases were sometimes subject to surveillance. And a document accidentally released to an Islamic charity in 2004 indicated that the D.C.-based attorneys for the charity had been subject to surveillance while speaking to their clients.
A memo released by whistleblower Edward Snowden indicated that the government only excludes attorney-client communications from collection when the client is under actual indictment in the United States. Communications of attorneys not directly with a client (for example, with expert witnesses or investigators abroad), or with a client not formally charged in the United States (including, for example, the Center for Constitutional Rights’ many Guantanamo detainee clients, none of whom are charged in federal courts) might now be subject to surveillance under broad orders issued under the current FISA statute.
In the wake of President Obama’s promise to stop spying on German Chancellor Angela Merkel, the US intelligence has switched its attention to her top government officials, a German newspaper reported.
Washington’s relations with Germany were strained last year after revelations that the US National Security Agency (NSA) was conducting mass surveillance in Germany and even tapped the mobile phone of Chancellor Merkel.
Facing the German outrage, President Barack Obama pledged that the US would stop spying on the leader of the European country, which is among the closest and most powerful allies of America.
After the promise was made, the NSA has stepped up surveillance of senior German officials, German newspaper Bild am Sonntag (BamS) reported on Sunday.
“We have had the order not to miss out on any information now that we are no longer able to monitor the chancellor’s communication directly,” it quoted a top NSA employee in Germany as saying.
BamS said the NSA had 297 employees stationed in Germany and was surveying 320 key individuals, most of them German decision-makers involved in politics and business.
Interior Minister Thomas de Maiziere is of particular interest to the US, the report said, because he is a close aide of Merkel, who seeks his advice on many issues and was rumored to be promoting his candidacy for the post of NATO secretary-general.
A spokesman for the German Interior Ministry told the newspaper it would not comment on the “allegations of unnamed individuals.”
Privacy issues are a very sensitive area in Germany, which holds the memory of invasive state surveillance practices by the Nazi government and later by the Communist government in the former East Germany.
Part of the outrage in Germany was caused by the allegation that US intelligence is using its surveillance capabilities not only to provide national security, but also to gain business advantage for American companies over their foreign competitors.
Berlin has been pushing for a ‘no-spying deal’ with the US for months, but so far with little success. Germany is also advocating the creation of a European computer network which would allow communication traffic not to pass through US-based servers and thus avoid the NSA tapping.