FYI.

This story is over 5 years old.

Tech

The US Argues It Must Destroy Key NSA Evidence to Protect National Security

The government's peculiar argument for deleting evidence of domestic surveillance: not deleting it could be a technological disaster.

There is "now no doubt" that the NSA has destroyed evidence that shows that it illegally spied on Americans, a digital watchdog group says, and it continues to do so despite court orders to preserve the data.

Initially, the government said it had not retained the data because it did not think it was pertinent to the case. Last week, it used a new, more peculiar justification: retaining the data now would be a technical and legal hassle that could threaten national security, because it may mean shutting down the entire Internet surveillance program altogether.

Advertisement

The evidence in question—the data of Americans who may have been caught up in the government's phone and Internet surveillance programs after 9/11—is the subject of a 2008 lawsuit, Jewel vs. NSA, one of a slew of years-old court cases questioning the constitutionality of the government's surveillance programs.

In March, a judge instructed the government to retain the data under a temporary restraining order. Last week, after it was discovered that the government had not complied, Judge Jeffrey S. White of the US District for the Northern District of California issued an emergency restraining order, once again requiring the NSA to keep the data. "Defendants are ordered not to destroy any documents that may be relevant to the claims at issue in this action, including the Section 702 materials," he wrote.

The agency's lawyers responded in an emergency motion, saying that not destroying the evidence would mean "complex technical and operational issues." Retaining older data, it said, would violate rules and complicate computer systems that otherwise mandate the deletion of that data, under rules meant to protect individuals' privacy.

Keeping the data, wrote Dept. of Justice lawyers, would "cause severe operational consequences for the National Security Agency's (NSA) national security mission, including the possible suspension of the Section 702 program and potential loss of access to lawfully collected signals intelligence information on foreign intelligence targets that is vital to NSA’s foreign intelligence mission."

Advertisement

The Electronic Frontier Foundation, which is arguing the case, vehemently questioned the government's reasoning.

"It is not credible that, as the government contends, simply refusing to destroy during the next 18 hours the communications it has intercepted will cause 'the possible suspension of the Section 702 program,'" EFF Legal Director Cindy Cohn wrote to Judge White.

"How can the preservation of these intercepted communications cause a 'loss of access to lawfully collected signals intelligence information'?" she wrote. "That information will remain accessible even though it is being preserved."

The NSA contends that the systems that manage the data and its deletion are too complex, and are not designed for a data backup like the kind that might be required. The claim puts the NSA in an awkward position, as it seems to argue that it cannot carefully manage the massive streams of data that its systems ingest everyday. Even for the government's most sophisticated computer analysts, stopping the deletion of data and storing it instead, he wrote, "would require significant technical changes to these databases and systems."

"Changes of this magnitude to database and systems architecture normally take months to engineer and test," wrote the NSA Deputy Director Richard Ledgett. "To comply immediately with the Court’s order, the NSA may have to shut down all the databases and systems that contain Section 702 information. Such a shutdown would suspend acquisition of communications pursuant to Section 702 and analyst access to communications acquired under Section 702."

Advertisement

Because this program is "the most significant tool in NSA’s arsenal for detecting, identifying, and disrupting terrorist threats," he wrote, "The impact of a shutdown of the databases and systems that contain Section 702 information cannot be overstated."

In a hearing on Friday, Judge White reversed his emergency restraining order, pending more information. “In order to protect national security programs, I cannot issue a ruling at this time. The Court rescinds the June 5 order,” Judge White said.

The emergency court order was requested by EFF lawyers after they happened to discover, in the course of emailing with their government counterparts, that crucial evidence was still not being retained.

An email between Marcia Berman, a government lawyer, and Cindy Cohn of the EFF

'Regular civil litigants would face severe sanctions if they so obviously destroyed relevant evidence. But we are asking for a modest remedy: a ruling that we can assume the destroyed records would show that our plaintiffs were in fact surveilled by the government.'

"The court has issued a number of preservation orders over the years, but the government decided—without consent from the judge or even informing EFF—that those orders simply don't apply," Cohn said in a statement. "Regular civil litigants would face severe sanctions if they so obviously destroyed relevant evidence. But we are asking for a modest remedy: a ruling that we can assume the destroyed records would show that our plaintiffs were in fact surveilled by the government."

Advertisement

Initially, the government contended it didn't think this particular data was relevant, because it thought the lawsuit pertained only to data gathered under the authority of President Bush, and not under Section 702 of the Amendments Act of the Foreign Intelligence Surveillance Act. Once the authority for the program was transferred in 2007, the government suggests, questions of constitutionality had been resolved.

The EFF refutes the government's reasoning, pointing out that surveillance under the authority of the FISA court is still warrantless, and that NSA officials had themselves explicitly connected FISA programs to the lawsuits, as had previous statements made by the government's lawyers.

The government appeared to want it both ways, Andrew Crocker, a legal fellow at the EFF, told Motherboard. "They said [the Internet data collected under the Foreign Intelligence Surveillance Court] is not relevant to our case, but they've also made statements, in asserting state secrets, that we touch on issues under the guidance of the FISC."

Meanwhile, argues the EFF, the NSA had known which data to retain as judges had specifically ordered that it be done on multiple occasions. The NSA's professed ignorance, writes Cohn, "lacks any credibility, especially in light of the extensive discussions between Court and counsel at the March 19, 2014 hearing on the evidence preservation dispute."

"The government’s disregard for the past three months of its obligations under the Court’s TRO should not be retroactively blessed by granting a stay that permits the government to continue destroying evidence," she wrote.

Advertisement

According to the EFF brief, "The government's own declarations make clear that the government has destroyed three years of the telephone records it seized between 2006 and 2009; five years of the content it seized between 2007 and 2012; and seven years of the Internet records it seized between 2004 and 2011, when it claims to have ended those seizures."

Plaintiffs have publicly sought evidence of unconstitutional government surveillance since at least 2006. In the lawsuit in question, lead plaintiff Carolyn Jewel accuses the agency of misusing its post-9/11 surveillance program to tap into fiber optic cables carrying the bulk of the country's and the world's Internet data, in violation of the Fourth Amendment.

The data in question, the EFF writes, "would include evidence relating to its use of 'splitters' to conduct bulk interceptions of the content of Internet communications from the Internet 'backbone' network of AT&T, as described in multiple FISC opinions and in the evidence of Mark Klein and J. Scott Marcus," telephone engineers who discovered that a secret room had been installed at an AT&T switching center to tap Internet traffic.

The programs first came to light in 2005 in the New York Times and were further detailed by Edward Snowden's revelations. In one formerly classified slide, NSA analysts were told to rely on both "downstream" PRISM data and on "upstream" raw Internet data. One upstream program, MUSCULAR, exploited links between Google and Yahoo data centers.

Advertisement
An NSA slide published in 2013 describes the authority behind its Internet wiretap programs, which the EFF claims illegally collected on Americans

The lawsuit and the ensuing struggle simply to maintain evidence of surveillance on Americans has placed the EFF in a peculiar position, arguing for the preservation of data it doesn't want the government to collect in the first place.

The NSA, meanwhile, argues that its data-collection programs are constitutional, and that its data purging is based on rules that are specifically meant to keep the program operating within legal guidelines.

"An order requiring the preservation of all Section 702 material would, ironically, abrogate the very protections put in place by the FISC to ensure that the NSA’s upstream collection complies with the Fourth Amendment, all so that Plaintiffs can attempt to show that it did not."

The FISA rules outline how the agency can inadvertently collect and store data of Americans. Unevaluated data collected through "upstream" methods like tapping into Internet and phone lines, “may be retained no longer than two years from the expiration date of the certification authorizing the collection,” whereas information that is “known to contain communications of or concerning United States persons will be destroyed upon recognition” if it does not meet one of the requirements for retention, like a suspected connection to terrorism.

Advertisement

One day over that two year limit, and NSA analysts will have passed over the thin boundaries that separate authorized surveillance and the unauthorized kind. These rules, says the NSA, make for a convoluted computer system and bad evidence retention.

"Unlike bulk telephony metadata collected under the Section 215 program," NSA Deputy Director Ledgett explained, "communications acquired pursuant to Section 702 resides within multiple databases contained on multiple, operationally complex systems."

To comply with the court order, the NSA "may need to take all databases containing Section 702 data offline while NSA operators and technical staff determine whether and how all of the data that would otherwise be destroyed in order to comply with the FISA and the Constitution could be retained indefinitely instead in compliance with this Court’s June 5 Order."

In other words, it isn't possible to examine evidence that shows whether a program is running legally and within the boundaries of the Constitution because that would mean stopping the program.

Either way, the NSA argues that the case should be thrown out, describing the claim that "Plaintiffs’ communications" have been swept up in "incidental overcollection" as "pure speculation."

"To the extent that Plaintiffs will argue that the Section 702 program is a program of untargeted mass surveillance based on the fact that, due to technological limitations,NSA’s upstream collection results in the acquisition of Internet transactions containing multiple communications, it is purely speculative that Plaintiffs’ communications are included in this incidental overcollection."

Advertisement

It is thus "illogical to suspend the very FISC requirements designed to protect against this."

Online, some have echoed the EFF's puzzlement over the NSA's explanations, while others have sought to give the agency the benefit of the doubt. If the software made it difficult to retain data after its age-out date, even if that data is needed for ongoing investigations, that reflected a poor design choice.

"Of course, designing such a system in this way is stupid," one commenter wrote. "The only reason I can see to design it in this way is as a defense against the court ordering them to preserve evidence they would prefer to destroy."

Others have wondered if the government simply doesn't have enough disk space to save all of the data it collects. For the agency that sought to "collect it all," as its director, Gen. Keith Alexander, once urged, storing and accessing some of that information is harder than it might seem.

"With the huge amounts of data that they're gathering it's not surprising to me that it's difficult to keep track—that's why I think it's so dangerous for them to be collecting all this data en masse," Cohn told the Washington Post.

The EFF legal team on Jewel vs. NSA

The government's arguments in the case shed more light on the computer networks intended to keep America safe by tapping into other networks, and the systems that are in place to protect Americans' privacy too.

While scanning torrents of Internet data, according to an NSA brief, its software "identifies and segregates those types of Internet transactions that are most likely to contain wholly domestic communications and non-target communications to or from US persons or persons located in the United States, (2) restricts analysts’ access to segregated transactions, (3) destroys transactions determined to contain wholly domestic communications, and (4) destroys all Internet transactions two years after the date of the certification authorizing the collection."

Advertisement

EFF lawyers maintain that the destruction of potentially incriminating evidence is material to the case, notwithstanding the NSA's justification for the destruction.

"This is not the main event in our case," said Crocker, the EFF lawyer, "but it does also call attention to the games that the government has been playing."

The government also argues that Jewel and the other plaintiffs lacked standing to sue the government because they can’t prove that surveillance took place. Their argument cites the February 2013 Supreme Court decision, Clapper v. Amnesty International, but that decision was made prior to the Snowden disclosures, which have added new emphasis and new evidence to pending NSA cases.

Crocker said that EFF will continue to push for the retention of evidence in Jewel and in others, and seek a remedy from the judge, a presumption "that the evidence that was destroyed would have showed that our client's communications were collected."

"We're not alleging super malicious actions," he said. "It doesn't have to rise to that."

--

Below, pertinent recent documents in Jewel vs. NSA, via the EFF website.

Plaintiffs' Brief Re the Government's Non-Compliance with the Court's Evidence Preservation Orders

Government's Opposition to Plaintiffs' Emergency Application to Enforce TRO: