[csandreasen]

With regards to the first Snowden leak, there was no context behind it. We've had two independent reports (the Presidential Review Group's[1] and the Privacy and Civil Liberties Oversight Board's[2]) since then detailing exactly what is being done with phone records and what the NSA is allowed to do with them. I wouldn't call the 215 program monitoring at all, unless you're referring to the "seed selectors" that are approved by the FISC. Based on what we know now, the entire premise of the program, which was lacking in the initial reporting, is determining if any numbers on a list of foreign phones belonging to suspected terrorists have called or received calls from US numbers; if so, which numbers were they in contact with. You can call it massive over-collection to achieve those ends and you can say the potential for abuse is frightening, but none of the Snowden documents have actually shown any abuse, datamining or, dare I say, monitoring of regular people.

With your second article, it almost feels like your article and the source documents are talking about two separate things. You start off claiming that the documents are at odds with Obama's claim that the NSA can't listen to American's phone calls or target their e-mails, then go and cite a pair of documents that detail how to avoid collecting American's communications and what to do if they are inadvertently collected? You continue on by saying 'Analysts are expected to exercise "reasonable judgment" in determining which data to use, according to the documents, and "inadvertently acquired communications of or concerning a United States person may be retained no longer than five years."', but omit rest of the paragraph that it comes from:

Personnel will exercise reasonable judgment in determining whether information acquired must be minimized and will destroy inadvertently acquired communications of or concerning a United States person at the earliest practicable point in the processing cycle at which such communication can be identified either: as clearly not relevant to the authorized purpose of the acquisition (e.g., the communication does not contain foreign intelligence information); or, as not containing evidence of a crime which may be disseminated under these procedures. Such inadvertently acquired communications of or concerning a United States person may be retained no longer than five years in any event. The communications that may be retained include electronic communications acquired because of limitations on NSA's ability to filter communications.

Why is the beginning and end of that paragraph important but not the fact that NSA analysts are required to destroy any US person communications that couldn't be automatically filtered out and contain no intelligence value or evidence of a crime? It doesn't say anything about a requirement to destroy American's inadvertently collected communications anywhere in the article. You continue by saying 'The documents also refer to "content repositories" that contain records of devices' "previous Internet activity," and say the NSA keeps records of Americans' "electronic communications accounts/addresses/identifiers" in an apparent effort to avoid targeting them in future eavesdropping efforts.' What's the problem with noting that an e-mail address belongs to an American if the stated purpose is to mark it as unsuitable for collection?

You go to quote Jameel Jaffer at the ACLU as saying that "the NSA claims the authority to collect and disseminate attorney-client communications -- and even, in some circumstances, to turn them over to Justice Department prosecutors.", but the actual source document says this:

As soon as it becomes apparent that a communication is between a person who is known to be under criminal indictment in the United States and an attorney who represents that individual in the matter under indictment (or someone acting on behalf of the attorney), monitoring of that communication will cease and the communication will be identified as an attorney-client communication in a log maintained for that purpose. The relevant portion of the communication containing that conversation will be segregated and the National Security Division of the Department of Justice will be notified so that appropriate procedures may be established to protect such communications from review or use in any criminal prosecution, while preserving foreign intelligence information contained therein. Additionally, all proposed disseminations of information constituting United States person attorney-client privileged communications must be review by the NSA Office of General Counsel prior to dissemination.

I look at these things and I have to wonder why the article is written like this. It seems downright misleading to me. Is it an editorial decision, or is that how you actually interpret those documents?

EDIT: I'm re-reading this a few minutes later and I'm worried I'm coming off as offensive, which wasn't my intention. I'm honestly curious about this - I read those same source documents and interpret them completely different than how you wrote them up.

[xnull2guest]

> We've had two independent reports (the Presidential Review Group's[1] and the Privacy and Civil Liberties Oversight Board's[2]) since then detailing exactly what is being done with phone records and what the NSA is allowed to do with them.

And in those documents it was confirmed that the NSA was in charge of maintaining a database with all phone records of all Americans and that the limitations on the storage of these records are five years - that limitations on querying them are enforced only at a policy level.

The issue is not about whether there has been abuse. The issue is about the fundamental principles of freedom in our country against suspicion-less search and seizure. An infringement on this is and of itself is an abuse.

It's like saying: "Yeah they have slaves, but there's no evidence that they mistreat them." You're not engaging with the substance of the argument. Unless it is that you depart from the founding principles of freedom established to protect the United States of America, its citizens, and to promote well-being and liberty for all? Do you disagree with these principles, so long as those who govern don't abuse the power so far as the public knows?

> Why is the beginning and end of that paragraph important but not the fact that NSA analysts are required to destroy any US person communications that couldn't be automatically filtered out and contain no intelligence value or evidence of a crime?

First, it seems you agree with the parent? You don't dispute him, just add an addendum about minimization. In response to your addendum: it's clear that the collection is made and then by policy alone it is 'minimized'. The issue is that the collection is done in the first place without a person being suspected of a crime. Their content can be collected, then it can be decided if they are suspect of a crime or not, and then it may possibly be released. This is principally different than how law enforcement is supposed to work in the United States.

Another thing we learned from the Obama Administration oversight panel is that anything within three hops of a target is considered relevant for collection (and the hops are counted across Facebook, Twitter, AIM, Snapchat, LinkedIn, Gmail, phone, geolocation, etc). But we also know that on Twitter alone the average number of hops between any two people has been measured to be 3.43 [1]; and on Facebook it is 4.74 [2]. When every one of these networks is combined, it is almost assuredly close to if not below 3.0, and the number of targets is quite large. Because of this every person's contents are 'relevant to the an authorized purpose of acquisition' because all persons are likely to be within three hops of a request.

> You go to quote Jameel Jaffer at the ACLU as saying that...

I would agree that details are missed in his summary (this is the nature of summaries) but I would also classify his statement as accurate (not misleading). The NSA will collect client-attorney communications. If and when it is recognized as 'protected communication' the NSA will stop but keep the communications it has collected. It can disseminate them (there are processes for it, but it can). Protecting the communications from review and use in criminal prosecution while preserving the intelligence almost reads like... parallel construction...

[1] http://www.aaai.org/ocs/index.php/SOCS/SOCS11/paper/view/403...

[2] http://www.telegraph.co.uk/technology/facebook/8906693/Faceb...

[csandreasen]

> that limitations on querying them are enforced only at a policy level.

I love it when people throw this out. Virtually every crime is enforced only at a policy level. There are no technical limitations preventing a cop from going from door to door and using his issued weapon to kill everyone inside, but you don't see people crying out to disarm cops to prevent it.

> The issue is not about whether there has been abuse. The issue is about the fundamental principles of freedom in our country against suspicion-less search and seizure.

It's not suspicion-less - it's done to answer specific questions: are any phone numbers on a given list of foreign terrorist numbers in contact with other phone numbers inside the US? If so, which numbers are they in contact with? It was implemented to address a specific fault found by the 9/11 Commission. I'm personally comfortable with the information collected being used for exactly that purpose, and nothing else (although I'm guessing you're going to come back and say you're not). That's why in evaluating the program, it's critical to look at whether the NSA has deviated from guidelines set down by the courts. Neither of the two review groups recommended shutting down the program, they recommended keeping the phone records at the phone companies instead.

> First, it seems you agree with the parent? You don't dispute him, just add an addendum about minimization.

I'm taking issue with cherry picking quotes to make a point.

> The issue is that the collection is done in the first place without a person being suspected of a crime. Their content can be collected, then it can be decided if they are suspect of a crime or not, and then it may possibly be released. This is principally different than how law enforcement is supposed to work in the United States.

This isn't law enforcement, it's foreign intelligence. The document in question pertains to Section 702 collection, which is targeted against specific e-mail addresses/accounts/identifiers used by foreigners. There already has to be a stated foreign intelligence purpose to collect against that specific address to begin with. The document further goes on to direct analysts to destroy any collected information that pertains to US persons is not of foreign intelligence value.

> Another thing we learned from the Obama Administration oversight panel is that anything within three hops of a target is considered relevant for collection (and the hops are counted across Facebook, Twitter, AIM, Snapchat, LinkedIn, Gmail, phone, geolocation, etc).

There's nothing in the PCLOB report that says that. The report makes it pretty clear that the whole three hop process pertains to phone records.

> but I would also classify his statement as accurate

It's inaccurate because he states that the NSA can hand attorney-client communications over to federal prosecutors, when the document he's citing says the exact opposite.

> almost reads like... parallel construction...

How could it be parallel construction if the person is already indicted? The entire point of that section is to protect client-attorney communications - if the purpose was to feed intelligence to US law enforcement by circumventing client-attorney privilege, why would they put in those additional restrictions?

[xnull2guest]

> Virtually every crime is enforced only at a policy level.

No. This is not the case.

Take some of the records (Skype for example) that the NSA had to contact companies with judges signatures to get. This is enforced by a separation of powers.

I'm not sure you addressed the main point, or admitted that in the reports they disclosed that the NSA did have direct full takes of the data (which you had been arguing against).

> It's not suspicion-less - it's done to answer specific questions

This is a false dichotomy. You can try to answer specific questions without suspicion of guilt. This is what is happening. They are answering specific questions, but they don't have suspicion of guilt.

An alternative is to get a warrant on the 'known terrorists' (which in practice is used very rarely for 'terrorist' and very often for other interests) and see directly who they have been contacting without having to see that I called my my babysitter and you called your attorney in the meantime. I mean, if that's all they were doing and that's all they needed, this would be a solution. (It's not all they are doing.)

> I'm personally comfortable with the information collected being used for exactly that purpose, and nothing else

You may want to look into what else is being done with the records. Phone and otherwise.

> I'm taking issue with cherry picking quotes to make your point.

But you didn't. I suggest rereading your comment.

> This isn't law enforcement, it's foreign intelligence.

It's foreign intelligence that is collecting vast swaths of information on American people. This information can be used to investigate Americans without going through normal investigative channels. It is law enforcement, though you can mince words. If you prefer we can call it foreign intelligence so long as we remind ourselves that it is principally different than how foreign intelligence is supposed to work in the United States.

> There's nothing in the PCLOB report that says that. The report makes it pretty clear that the whole three hop process pertains to phone records.

Perhaps I've confused PCLOB revealed information with the technical information revealed in Snowden documents then? I fear we'll need to drag out technical documents to resolve this specific dispute. But even if you don't take the other networks into account three hops is still huge, especially with a large number of targets. It is gross overcollection without selectors.

> It's inaccurate because he states that the NSA can hand attorney-client communications over to federal prosecutors, when the document he's citing says the exact opposite.

Perhaps he should have said attorneys? Were it destined for prosecutors, the intelligence will make its way to prosecutors later (when and if there is a trial).

> How could it be parallel construction if the person is already indicted?

Because parallel construction can be done to collect evidence and because the gathered intelligence can be used in the indictment of other targets - and here the source of the intelligence used to do this remains undisclosed. And because communications (as written below) contain records from before an indictment, which will contain lots of information useful to get an indictment and lots of useful information to a prosecution after an indictment.

Also we should note that the NSA only marks attorney-client communications a no-go after there has been an indictment: attorney-client communications are a confidential and privileged communication whether you are on trial, expect to be indicted, or are talking to your attorney about what you should do to avoid legal trouble because of what your peers are engaged in.

> if the purpose was to feed intelligence to US law enforcement by circumventing client-attorney privilege, why would they put in those additional restrictions?

If we grant that 'the purpose was to...' then the answer is: to comply with - or to appear to comply with - the law of the land in the most minimal way.

But we should be careful. The question of whether something is used for a purpose is a separate one than what it was designed for. If there is opportunity and there is motive there will be cases.

[csandreasen]

> I'm not sure you addressed the main point, or admitted that in the reports they disclosed that the NSA did have direct full takes of the data

No, I didn't address, but neither does the linked article - the documents cited state that they can keep encrypted data past 5 years in order to decrypt it. It doesn't say anything about "warrantless bulk collection of encrypted communications". The "warrantless" doesn't make sense in that you don't need a warrant to collect purely foreign communications, and the "bulk" part neither has evidence to back it up nor does it make sense: why would the NSA stored every single piece of encrypted traffic and devote the (expensive) time and energy needed to decrypt it all if they didn't have reason to believe it was of significant value. I'm submitting this comment over HTTPS - there's no reason to store the TCP traffic that accompanies it.

> An alternative is to get a warrant on the 'known terrorists'

They don't need a warrant to collect against foreigners for foreign intelligence purposes; they're not collecting information for use in a criminal indictment.

> This information can be used to investigate Americans without going through normal investigative channels.

Section 702 collection (what I was addressing in my comment and what declan was referring to in his article) can be only be used to target foreigners, not Americans. If there is evidence of them using that legal authority to intentionally target Americans, please do write in to the papers because that's cut and dry illegal.

It seems like you're mixing up the 215 and 702 programs, which collect dramatically different information from completely different groups. 215 is the bulk domestic phone records program - the NSA gets the number called, calling number. date/time, call length and trunk identifier. They don't get the identities behind the phone numbers, locations, etc. 702 is collection against specific foreign targets using US providers - they get the full take on that.

> Perhaps he should have said attorneys?

The relevant part is: "so that appropriate procedures may be established to protect such communications from review or use in any criminal prosecution"

> (It's not all they are doing.)

> You may want to look into what else is being done with the records. Phone and otherwise.

Please enlighten me. My biggest issue with just about all of the reporting that's come out of the Snowden disclosures is that they talk a lot about how the NSA performs collection, but leave out who the who, what and why - often at the same time saying something like "it is unclear whether [or how many] American's communications have been collected". One embarrassing set of articles in particular was the Angry Birds disclosures: the newspapers gawked about how the NSA could be collecting everyone's marital status, incomes, sexual preferences, etc., but it was discovered that the newspapers improperly redacted the documents and the redactions were removed, it turned out that the NSA was using the information to track Al Qaeda in Iraq. I see lots of accusations that the NSA is spying on regular people, but the only disclosures I've seen talking about their targeting are along these lines: http://electrospaces.blogspot.com/2014/09/nsas-strategic-mis...

I've been following this issue closely. To date, I have yet to see any smoking gun showing actual evidence that the NSA is targeting regular Americans or anyone else other than for purposes of gathering foreign intelligence outside the US.

[xnull2guest]

Thank you for your attempt to provide a counterpoint. I think it's important for all points to be part of the discussion.

However, I can't really reply to your comment as it has gotten significantly off the course of the subject material and because you have not given substantive replies to the arguments made therein. I'm not sure if this lack of real substance is on purpose (argument by exhaustion) or because of miscommunication. Either way, I'm out.

[csandreasen]

I can definitely empathize with your frustration. Thanks for the discussion.