NSA Faces New Lawsuit Over Mass Surveillance

By Steve Rensberry 

srensberry@rensberrypublishing.com
-------------------------------------------------

    (RPC) - 3/11/2015 - The American Civil Liberties Union has filed a new lawsuit against the National Security Agency on behalf of multiple plaintiffs. At issue is the agency's practice of conducting "upstream surveillance," and the broad scope of the FISA Amendments Act of 2008, which the ALCU says violates both the U.S. Constitution and the reasonable expectation of privacy that average citizens and others who rely on confidential, secure communications have.
   The suit asks that the practice of upstream surveillance be declared unlawful and stopped immediately, and that the government be required to purge all information from its databases with respect to the plaintiffs.
  Plaintiffs include the Wikimedia Foundation, The National Association of Criminal Defense Lawyers, Human Rights Watch, Amnesty International USA, PEN American Center, Global Fund for Women, The Nation Magazine, The Rutherford Institute, and The Washington Office on Latin America.
   “Upstream surveillance, which the government claims is authorized by the FISA Amendments Act of 2008, is designed to ensnare all of Americans’ international communications, including emails, web-browsing content, and search engine queries,” the ACLU states. “It is facilitated by devices installed, with the help of companies like Verizon and AT&T, directly on the internet 'backbone' – the network of high-capacity cables, switches, and routers across which Internet traffic travels.”
   The complaint, dated March 10, 2015, challenges what it says is “the suspicionless seizure and searching of internet traffic by the National Security Agency (NSA) on U.S. Soil,” putting in jeopardy billions of sensitive international communications conducted each year by various educational, legal, human rights and media organizations – effectively undermining their ability to conduct activities which are crucial to their missions.
   Defendants named in the suit include the Fort Meade, Maryland-based National Security Agency/Central Security Service, NSA Director Michael S. Rogers, the Defendant Office of the Director of National Intelligence (ODNI), Director of National Intelligence James R. Clapper, the Department of Justice, and U.S. Attorney General Eric H. Holder.
   While the Foreign Intelligence Surveillance Act was enacted in 1978, it has undergone numerous amendments over the years, one of the latest of which was the FISA Amendments Act (FAA) signed by former President George W. Bush on July 10, 2008.
   “The FAA radically revised the FISA regime that had been in place since 1978, by authorizing the acquisition without individualized suspicion of a wide swath of communications, including U.S. persons' international communications, from companies inside the United States,” the complaint states.
   The act prohibits the specific targeting of U.S. citizens, but is defined so broadly the plaintiff's say that just about any type of communication by citizens (corporations and associations included) outside the country is fair game.
   As stated in the suit: “Thus, though the FAA is nominally concerned with the surveillance of individuals and groups outside the United States, it has far-reaching implications for U.S. persons' privacy. The targets of FAA surveillance may include journalists, academic researchers, human rights defenders, aid workers, business persons, and others who are not suspected of any wrongdoing. In the course of FAA surveillance, the government may acquired the communications of U.S. citizens and residents with all of these persons.”
   Other concerns expressed in the complaint:
   -- Upstream surveillance does not share the same limitations as that of standard NSA targets, but essentially involves a fishing expedition by collecting and storing all international communications by everyone in order to filter them through a set of search terms for review and potentially further surveillance.
   -- Although so-called targeting and minimization procedures are in place to limit how data is used, those procedures are very permissive and filled with exceptions, that allow the NSA to retain anything it collects for a period of up to three years, or indefinitely if such communications are encrypted.
   “The interception, copying, and review of Plaintiffs' communications while in transit is a violation of plaintiffs' reasonable expectation of privacy in those communications. It is also a violation of plantiffs' right to control those communications and the information they reveal and contain,” the suit states.
   The complain cites action by the government in 2013, as noted by the director of national intelligence, where 89,138 individuals, groups and organizations were targeted for surveillance under a single court order; in addition to the collection of 150 million internet communications in 2011 alone under the FAA.
   ACLU Staff Attorney Patrick Toomey cites a quoted comment made by former NSA Director Michael Hayden, who stated: “Let me be really clear. NSA doesn't just listen to bad people. NSA listens to interesting people. People who are communicating information,” as evidence that there are  very few limitations on the agency's spying activities.
   “The fact that upstream surveillance is supposedly focused on international communications is hardly a saving grace. Americans spend more and more of their lives communicating over the Internet – and more and more of those communications are global in nature, whether we realize it or not,” Toomey writes. “An email from a woman in Philadelphia to her mother in Phoenix might be routed through Canada without either one knowing it. Similarly, companies like Microsoft and Google often store backup copies of their U.S. customers' emails on servers overseas, again with hardly anyone the wiser. The NSA is peeking inside virtually all of these.”
   Toomey criticizes the practice of upstream intelligence gathering as something that flips the Constitution on its head.
   “It allows the government to search everything first and ask questions later, making us less free in the process,” Toomey writes. “Our suit aims to stop this kind of surveillance.”

ACLU Appeals Dismissal of NSA-Related Suit

   (ACLU) - 1/5//2014 - The American Civil Liberties Union and the New York Civil Liberties Union filed a notice of appeal on January 2 in their federal lawsuit challenging the constitutionality of the NSA’s mass call-tracking program. Last Friday, the district court dismissed the case, ACLU v. Clapper, ruling that the program was constitutional and did not exceed the authority provided in the Patriot Act.
   "We believe that the NSA’s call-tracking program violates both statutory law and the Constitution, and we look forward to making our case in the appeals court,"  ACLU Deputy Legal Director Jameel Jaffer said. Jaffer is one of the two ACLU attorneys who argued the case in November.
   "The government has a legitimate interest in tracking the associations of suspected terrorists, but tracking those associations does not require the government to subject every citizen to permanent surveillance. Further, as the president’s own review panel recently observed, there’s no evidence that this dragnet program was essential to preventing any terrorist attack. We categorically reject the notion that the threat of terrorism requires citizens of democratic countries to surrender the freedoms that make democracies worth defending."
   The ACLU anticipates that the Second Circuit Court of Appeals will set an expedited briefing schedule and that it will hear oral argument in the spring.
   The recent ruling by U.S. District Judge William H. Pauley III conflicted with the December 16 decision in a similar lawsuit in Washington, Klayman v. Obama, in which U.S. District Judge Richard J. Leon found the NSA program to be likely unconstitutional. The Justice Department has 60 days to file an appeal. A federal court in San Francisco is currently considering a third case, First Unitarian Church of Los Angeles v. NSA, filed by the Electronic Frontier Foundation.
  The ACLU is a customer of Verizon Business Network Services, which, as revealed in The Guardian, received a secret order from the Foreign Intelligence Surveillance Court compelling the company to turn over "on an ongoing daily basis" phone call details such as whom calls are placed to and from, and when those calls are made. The lawsuit argues that the government’s blanket seizure of the ACLU’s phone records compromises the organization’s ability to carry out its work and to engage in legitimate communications with clients, journalists, advocacy partners, whistleblowers, and others.
   The appeal is available at: aclu.org/national-security/aclu-v-clapper-notice-appeal

EFF Says Lavabit Subpoena Violates Constitution

   (EFF) - 10/27/2013 - Federal law enforcement officers compromised the backbone of the Internet and violated the Fourth Amendment when they demanded private encryption keys from the email provider Lavabit, the Electronic Frontier Foundation (EFF) argues in a brief submitted Thursday afternoon to the US Court of Appeals for the Fourth Circuit. In the amicus brief, EFF asks the panel to overturn a contempt-of-court finding against Lavabit and its owner Ladar Levison for resisting a government subpoena and search warrant that would have put the private communications and data of Lavabit's 400,000 customers at risk of exposure to the government.
   For nearly two decades, secure Internet communication has relied on HTTPS, a encryption system in which there are two keys: A public key that anyone can use to encrypt communications to a service provider, and a private key that only the service provide can use to decrypt the messages.
   In July, the Department of Justice demanded Lavabit's private key—first with a subpoena, then with a search warrant. Although the government was investigating a single user, having access to the private key means the government would have the power to read all of Lavabit's customers' communications. The target of the investigation has not been named, but journalists have noted that the requests came shortly after reports that NSA whistleblower Edward Snowden used a Lavabit email account to communicate.
   "Obtaining a warrant for a service's private key is no different than obtaining a warrant to search all the houses in a city to find the papers of one suspect," EFF Senior Staff Attorney Jennifer Lynch said. "This case represents an unprecedented use of subpoena power, with the government claiming it can compel a disclosure that would, in one fell swoop, expose the communications of every single one of Lavabit's users to government scrutiny."
   EFF's concerns reach beyond this individual case, since the integrity of HTTPS is employed almost universally over the Internet, including in commercial, medical and financial transactions.
   "When a private key has been discovered or disclosed to another party, all users' past and future communications are compromised," EFF Staff Technologist Dan Auerbach said. "If this was Facebook's private key, having it would mean unfettered access to the personal information of 20 percent of the earth's population. A private key not only protects communications on a given service; it also protects passwords, credit card information and a user's search engine query terms."
   Initially, Levison resisted the government request. In response, a district court found Lavabit in contempt of court and levied a $5,000-per-day fine until the company complied. After Levison was forced to turn over Lavabit's key, the certificate authority GoDaddy revoked the key per standard protocol, rendering the secure site effectively unavailable to users.
   Since Lavabit's business model is founded in protecting privacy, Levison shut down the service when it no longer could guarantee security to its customers.
   "The government's request to Lavabit not only disrupts the security model on which the Internet depends, but also violates our Constitutional protections against unreasonable searches and seizures," EFF Staff Attorney Hanni Fakhoury said. "By effectively destroying Lavabit's legitimate business model when it complied with the subpoena, the action was unreasonably burdensome and violated the Fourth Amendment."
   The deadline for the government's response brief is Nov. 12, 2013.
   For EFF's full amicus brief, see: https://www.eff.org/document/lavabit-amicus

   Source: Electronic Frontier Foundation

ACLU Lawsuit Prompts NSA Document Release

   NEW YORK (ACLU) - 9/10/2013 - The government today declassified 14 documents relating to legal violations by the NSA’s spying program. The documents were released pursuant to an agreement in a Freedom of Information Act lawsuit filed by the American Civil Liberties Union in May 2011. The ACLU’s FOIA request seeks documents related to the government’s use and interpretation of the Patriot Act’s Section 215.
   “These documents show that the NSA repeatedly violated court-imposed limits on its surveillance powers, and they confirm that the agency simply cannot be trusted with such sweeping authority,” ACLU National Security Project Staff Attorney Alex Abdo said. “The abuses revealed in these documents are alarming but also predictable. These violations are the inevitable result of allowing the NSA to assemble a vast database of sensitive information about every American. The documents provide further evidence that secret and one-sided judicial review is not an adequate check on the NSA’s surveillance practices. The so-called ‘compliance incidents’ are troubling, but this is a program that should never have been authorized to begin with. The NSA should end the bulk collection of information about Americans.”
   Yesterday in Washington, Abdo and ACLU Legislative Counsel Michelle Richardson met with members of a group appointed by the Obama administration to review surveillance policies with the stated purpose of ensuring that national security needs are properly balanced with civil liberties.
   The ACLU has filed a lawsuit challenging the constitutionality of the NSA’s mass phone records collection program. Oral argument in the case is scheduled for November 1 in New York.
   The documents turned over today, which include opinions and orders from the secret Foreign Intelligence Surveillance court, were also released to the Electronic Frontier Foundation under a separate FOIA request.
   Information on the ACLU’s Section 215 FOIA lawsuit can be found at: aclu.org/national-security/section-215-patriot-act-foia
   Source: ACLU release

Domestic Surveillance Practices Are Indefensible

                     By Steve Rensberry

                          Commentary

--------------------------------------------------------

   (RPC) - 7/4/2013 - The massive data mining practices currently being undertaken by agencies in the United States are like a knife in the heart to a free and open society.
   Irrespective of the government's stated intent that it means us no harm and that they are only seeking to protect us from terrorism, the mass surveillance and collection of an entire population's Internet communications and phone records--and who knows what else--is deeply damaging to the body politic.
   The goal, it would seem, is not merely to apprehend criminals and punish them when others are hurt, but to predict the behavior of all of us through an analysis of both our behavior and thoughts -- gleaned from the words we use and the things we share and derived from digital algorithms and selected criteria hatched behind guarded doors and the walls of secretive agencies. There is nothing inherently wrong with taking reasonable steps to prevent crime, but what is freedom worth without the basic right to free and open communication? Digital communication is all but ubiquitous in a modern society.
   The government, and the National Security Agency in particular, has no justifiable reason in digging for data on innocent Americans, or in collecting metadata that contains details of who people talk to, what they read and what they do in the digital world. Certainly the objective of fighting terrorism can be accomplished with far less intrusive means, that respects our privacy.
   What we now know is that every email you send to your relatives, every phone call you make and receive, every business dealing,  financial transaction and text message that you make using electronic communication, will now be analyzed, scanned, profiled and stored indefinitely for easy access by agents snooping for dirt.
   Who will be watching the watchers?

   It is not Google the search engine you will be using to search the Internet. It is, for all practical purposes, a government search engine. The same can be said for Yahoo, Microsoft's Bing, Facebook and all the rest of today's Internet giants who are now routinely ordered to hand over records containing some of the most personal electronics transactions we make.
   Entrusting our data with private-sector corporations is one thing. Having it collected and stored by powerful government agencies as though we were common criminals who need constant surveillance is another thing entirely.
   David Rosen, writing about "6 Government Survillance Programs Designed to Watch What You Do Online," noted in June of 2012 the growing list of methods by which the U.S. government tracks, without probably cause, the behavior and habits of its own civilians. These include a procedure by the Justice Department's Computer Crime and Intellectual Property section to gather data from social networking sites in order to "establish motives and personal relationships"; the IRS practice of using sites such as Facebook and Google to investigate taxpayers; an effort by the Director of National Intelligence to obtain a mechanism to "integrate all online information,"; a Defense Department effort involving a "Social Media Strategic Communications (SMISC) program; and an FBI effort to develop an "FBI Social Media Application," program.
   Add to these a long list of other government surveillance projects such as the Nationwide Suspicious Activity Reporting Initiative; PRISM; DCSNet: Main Core: NSA Call Database; Intelligence Community (IC); Financial Crimes Enforcement Task Force: Terrorist Finance Tracking Program; Tailored Access Operations and Boundless Informant .
   A June 15, 2013 story by the Associated Press entitled "PRISM part of a much larger government surveillance program,"  cites a program called US-98XN which predates the PRISM program and which it says has been collecting data on U.S. citizens from private sector companies for years.

   Other past efforts have included Project Echelon, the Total Information Awareness System, the COINTELPRO program and Spygate.
   Computer and digital technology has provided us with tremendous freedom to express our ideas and to communicate, all at speeds that would have been unimaginable just 20 years ago. We can send, receive and store practically an endless number of photos, documents and messages.
   But it's a freedom that clearly has become a two-edged sword.
   It's sad and unfortunate, but the days of deep encryption, digital privacy fences, multiple aliases and the serious mistrust of everything we see and hear, appear poised to grow exponentially.
   Unless things change, the days of a free and open Internet, of corporations that can be trusted to safeguard our data for an exchange of services and revenue, would appear all but dead. (Edited with corrections, July 5, 2013)

For further reading:

NSA spying FAQ

Spying on Americans

NSA: It Would Violate Your Privacy Right To Say If We Spied On You
In NSA Surveillance, Echoes of World War I
Revealed: NSA program collects 'nearly everything a user does on the internet'