In a recent guest post, Chairman David Medine of the Privacy and Civil Liberties Oversight board gamely responds to several questions about §702 surveillance posed by my co-blogger Jennifer Granick.  Among other things, he attempts to reassure skeptics that the NSA is not “creatively” interpreting its authorities to engage in “bulk” surveillance.  I am, however, only partly reassured.  The restrictions on collection Medine describes do indeed rule out some forms of “creative” collection that intelligence agencies have previously attempted, but there are nevertheless at least two scenarios apparently permitted by the current rules which, at least in the colloquial sense, I would regard as “bulk collection.”

First, a brief semantic digression: The PCLOB report follows the practice of the intelligence community in using “bulk collection” as an antonym for “selector-based” or “targeted” collection.  Thus, “the Board does not regard Section 702 as a ‘bulk’ collection program, because it is based entirely on targeting the communications identifiers of specific people.”  But a moment’s reflection should make clear that the use of selectors is not, in itself, necessarily an obstacle to bulk collection in the looser, intuitive sense of “vacuuming up vast quantities of communications unrelated to foreign intelligence from large numbers of people.”   So, to pick a crude example, an order for interception of all phone calls to or from Karachi would clearly be a form of “bulk collection.”  An order for records of all calls to or from each number contained in the Karachi phone directory would be nominally “targeted” collection based on “specific selectors,” but indistinguishable in effect from “bulk collection.”  To bypass needless verbal disputes, I’ll refer to nominally selector-based vacuuming of this sort as bulky collection. The requirement that an individual “foreign intelligence purpose” determination be made for each selector tasked under §702 ought to preclude my “phone directory” hypothetical, but may not rule out two forms of bulky collection that I’ll sketch momentarily.

Before getting to those, I should acknowledge at least two types of potentially bulky acquisition that do appear to be ruled out by the rules Medine describes—hence my partial reassurance.  The first is tasking of all “facilities” (such as phone lines or e-mail accounts) registered to a foreign corporate target, even if some of those facilities—like a company-issued mobile phone or the account USEmployee@ForeignCorp.com—are used exclusively by an American in the United States.  The government has, in fact, attempted precisely this move in the past: In U.S. v. Bin Laden (S.D. N.Y. 2000), the government argued  that wiretaps of a U.S. person’s mobile and home telephone lines were “directed at” the foreign entity Al Qaeda rather than the individual American using them.  (The court, fortunately, rejected that rather disingenuous argument in the instance, though without categorically ruling it out under different factual circumstances.)  The second form of “bulky” collection apparently excluded would be tasking of selectors that would designate facilities used by a target, but also by hundreds or thousands of unrelated, innocent persons.  The public-facing Internet Protocol address for an Internet café, corporate firewall, mobile access point, or VPN exit node, for example, may be associated with the online activity of a legitimate foreign target—but also huge numbers of other users, some of them potentially U.S. persons. According to Medine and the PCLOB, the FISC has determined that “the users of any tasked selector are considered targets – and therefore only selectors used by non-U.S. persons reasonably believed to be located abroad may be tasked.”  On face, then, these two types of bulky collection would appear to be ruled out, at least under §702 authorities, by the FISC’s interpretation.  Here are two others that may not be.

  • Targeting of corporate entities communicating with large numbers of innocent users

Since we colloquially refer to people who communicate with a Web site or other online server as its “users,” you might intuitively think that the interpretation alluded to by Medine would also prevent tasking a site or server used by large numbers of U.S. persons for collection, but this is pretty clearly not the case.  If we consider other types of “selectors,” such as e-mail addresses, it becomes clear that a parallel understanding of “users” is untenable: The NSA is clearly not detasking any e-mail address that communicates with a U.S. person, since the whole point of the FISA Amendments Act was to authorize such interceptions.  We have to understand “user” here not in the colloquial sense—in which I may be a “user” of a foreign Web site—but rather in the narrower sense of the person to whom a selector is registered or assigned.  Thus, while I may communicate with  foreign site, only the site itself (perhaps along with its administrators) counts as a “user” of its IP address, while I am a “user” of my own IP address assigned by my domestic ISP.

We don’t need to rely on abstract reasoning to confirm this, of course: The question of targeting foreign servers is explicitly broached in an internal document leaked by Edward Snowden and published by The Intercept.  There, several questions posed by NSA analysts concern whether, when they task for collection a selector associated with a foreign “malicious actor”—the specific example of The Pirate Bay and piratebay.org is used— they must use “defeaters” to filter out the traffic to or from U.S. addresses.  The answer is unambiguous: “Okay to go after foreign servers which US people use also (with no defeats).”  The NSA may, in other words, collect all traffic to or from a foreign target’s IP address, regardless of whether that traffic is bound to or from a U.S. IP address, which will count as merely “incidental” collection.

Let’s consider what this means concretely, using the specific example of The Pirate Bay (TPB), since it is explicitly referenced in the document linked above.  TPB comprises a suite of sites—the primary one boasting more than 6 million registered users, and tens of millions (mostly unregistered) users active uploading and downloading through the site at any given time.  The actual file transfers on the main TBP site are peer to peer, so the traffic to and from the site (or suite of sites, really) will include the web pages, search queries, and the magnet links that enable p2p downloading of particular files, as well as the forums and internal messaging functions.  Then there are the various component sites Pirate Bay operates. Bayfiles is a non-p2p file locker, so uploads and downloads there will contain the actual contents of both personal files and files uploaded to be widely shared. PasteBay is basically a Pastebin clone that allows people to anonymously host both public and private (password protected) text documents. Because the latter service is anonymous, there are no “accounts” to task there—just a whole lot of public and private documents being stored and transferred to whoever has the link and password for them. Obviously The Pirate Bay is not a participant in PRISM, so the site(s) would be monitored via “upstream” collection under §702 or at foreign collection sites under Executive Order 12333.  That means the initial intake is going to be the stream as a whole (or as much of it as NSA has visibility on), unless they’re employing “defeaters” to filter US traffic, which NSA lawyers have explicitly  told analysts that need not employ.

Now, on the definition embraced by PCLOB, as I understand it, this is by definition not “bulk collection,” because the corporate entity The Pirate Bay is itself the foreign target, and tasking the IP addresses registered to it may reasonably be expected to yield some foreign intelligence information.  All of that traffic—including, presumably, traffic from tens of thousands of Americans searching for pirated porn or storing personal documents remotely—is, as NSA lawyers confirm, communication to or from a foreign target, and therefore fair game for “incidental” collection.  The obvious point to make here, however, is that if NSA were doing something comparable under PRISM, acquiring all traffic to or from a service like Google or Dropbox, we would unhesitatingly call that bulk collection.  I’m therefore inclined to at least call it bulky collection if NSA believes it can achieve a comparable result by targeting a foreign site and tasking its IP addresses under §702.

  • Using XKeyscore to generate selector lists based on abstract communications characteristics

The other “bulky” scenario would involve the use of specific selectors for either upstream or PRISM tasking where the selector list is actually generated by an algorithmic, automated process based on abstract communications characteristics. The “Karachi phone directory” would be an extreme example of this, which Medine assures us isn’t being done. Something similar in principle, however, would be possible via the XKEYSCORE tool disclosed by The Guardian last year.
As slides describing XKEYSCORE’s capabilities make clear,  the system operates on Internet traffic collected in bulk, presumably mostly traffic collected under E.O. 12333 at overseas interception points, without “strong selection”—which is to say, without tasking any particular target. As the slides boast, this system’s unique access to raw, un-selected traffic enables the discovery of unknown targets, whose “selectors” can then be tasked for comprehensive collection.  As the slides put it, analysts can “use this traffic to detect anomalies which can lead us to… strong selectors for traditional tasking.” In some cases, of course, there’s a particular individual they have in mind, and this is just a way of finding new accounts that person uses that they’re not yet aware of. But the slides also discuss uses that sound a lot like fishing expeditions: “How do I find a cell of terrorists that has no connection to known strong-selectors?  Answer: Look for anomalous events. E.G. someone whose language is out of place for the region they are in. Someone who is using encryption. Someone searching the web for suspicious stuff.”     From there, analysts engage in “Reverse PSC”, or “Persona Session Collection.”   This is, in essence  PRISM backwards: Rather than starting from a “selector” and then monitoring users activity, analysts can instead move “from an anomalous event back to a strong selector.”

Now consider how this capability could lead to bulky collection when combined with the leaked targeting procedures employed by NSA.  Tasking under §702 begins with “lead information” about candidate selectors. But while PCLOB’s description of the tasking process sounds individualized, the examples of “lead information” discussed in the targeting procedures often involve long lists of selectors that would all be covered by essentially the same “foreign intelligence purpose” rationale, such as the captured cell phone address book or IM buddy list of a known terror suspect or other foreign target.

XKEYSCORE can generate similar lists of selectors. It is basically a tool that analysts tell “Show me selectors for everyone who meets criteria X,”  for example: “show me everyone in Iran who uses PGP” or “show me all the German-speakers in Pakistan.”  It also appears to permit at least limited queries for keywords contained in message content—something that PCLOB asserts cannot be directly used to task collection under §702.  Clearly XKEYSCORE can be used to generate selector lists that are not bulky—as when it is queried with criteria that, in tandem, uniquely identify a particular known target or device.  But it could also be used to indirectly permit the kind of broad tasking PCLOB assures us is not being done directly: A list of accounts whose users employ Islamist phrases, or who exhibit “suspicious” patterns of online activity, or who fit some geographic and linguistic profile.  There are probably no bright lines to be drawn here between tasking most people would regard as reasonable and collection of the sort I’m calling bulky, but it seems plausible analysts would often task broadly and figure out after the fact whether a particular set of criteria used to generate selector lists reliably generated an acceptably high percentage of communications containing foreign intelligence information.  Indeed, it’s at least arguably necessary for them to do this because of what we might call the “tuning problem.”  You may hypothesize that some set of communications characteristics will be highly correlated with terrorist activity or some other form of foreign intelligence information, but the false positive rate can’t be predicted until one has actually tasked some accounts for collection and seen what comes up.

These examples also illustrate why, more generally, I am less sanguine than Medine and his colleagues: The practical significance of constraints imposed by the §702 procedures depends on how that program interconnects with a dizzying array of other programs that may conceal the “bulkiness” of collection that appears individualized and targeted if we look only at §702 in isolation. Perhaps, of course, PCLOB’s review process raised questions of this kind—and others that, without access to classified information, I do not even know enough to frame.  Since they are constrained in discussing technical details, of course, it may be that they are reasonably reassured without being able to share the grounds of that reassurance with the rest of us.