Intelligence Oversight and How It Can Fail

Former NSA attorneys John DeLong and Susan Hennessay have written a fascinating article describing a particular incident of oversight failure inside the NSA. Technically, the story hinges on a definitional difference between the NSA and the FISA court meaning of the word “archived.” (For the record, I would have defaulted to the NSA’s interpretation, which feels more accurate technically.) But while the story is worth reading, what’s especially interesting are the broader issues about how a nontechnical judiciary can provide oversight over a very technical data collection-and-analysis organization—especially if the oversight must largely be conducted in secret.

From the article:

Broader root cause analysis aside, the BR FISA debacle made clear that the specific matter of shared legal interpretation needed to be addressed. Moving forward, the government agreed that NSA would coordinate all significant legal interpretations with DOJ. That sounds like an easy solution, but making it meaningful in practice is highly complex. Consider this example: a court order might require that “all collected data must be deleted after two years.” NSA engineers must then make a list for the NSA attorneys:

  1. What does deleted mean? Does it mean make inaccessible to analysts or does it mean forensically wipe off the system so data is gone forever? Or does it mean something in between?
  2. What about backup systems used solely for disaster recovery? Does the data need to be removed there, too, within two years, even though it’s largely inaccessible and typically there is a planned delay to account for mistakes in the operational system?
  3. When does the timer start?
  4. What’s the legally-relevant unit of measurement for timestamp computation­—a day, an hour, a second, a millisecond?
  5. If a piece of data is deleted one second after two years, is that an incident of noncompliance? What about a delay of one day? ….
  6. What about various system logs that simply record the fact that NSA had a data object, but no significant details of the actual object? Do those logs need to be deleted too? If so, how soon?
  7. What about hard copy printouts?

And that is only a tiny sample of the questions that need to be answered for that small sentence fragment. Put yourself in the shoes of an NSA attorney: which of these questions—­in particular the answers­—require significant interpretations to be coordinated with DOJ and which determinations can be made internally?

Now put yourself in the shoes of a DOJ attorney who receives from an NSA attorney a subset of this list for advice and counsel. Which questions are truly significant from your perspective? Are there any questions here that are so significant they should be presented to the Court so that that government can be sufficiently confident that the Court understands how the two-year rule is really being interpreted and applied?

In many places I have separated different kinds of oversight: are we doing things right versus are we doing the right things? This is very much about the first: is the NSA complying with the rules the courts impose on them? I believe that the NSA tries very hard to follow the rules it’s given, while at the same time being very aggressive about how it interprets any kind of ambiguities and using its nonadversarial relationship with its overseers to its advantage.

The only possible solution I can see to all of this is more public scrutiny. Secrecy is toxic here.

Tags: , , , ,

Posted on October 18, 2016 at 2:29 PM51 Comments

Comments

Ross Snider October 18, 2016 2:53 PM

  1. What does deleted mean? Does it mean make inaccessible to analysts or does it mean forensically wipe off the system so data is gone forever? Or does it mean something in between?

It means “forensically wipe off the system so data is gone forever.”

  1. What about backup systems used solely for disaster recovery? Does the data need to be removed there, too, within two years, even though it’s largely inaccessible and typically there is a planned delay to account for mistakes in the operational system?

Yes.

  1. When does the timer start?

The day the data is collected.

  1. What’s the legally-relevant unit of measurement for timestamp computation­ — a day, an hour, a second, a millisecond?

One day.

  1. If a piece of data is deleted one second after two years, is that an incident of noncompliance? What about a delay of one day?

Yes. It’s limit. If you expect delays, start the wipe process early.

  1. What about various system logs that simply record the fact that NSA had a data object, but no significant details of the actual object? Do those logs need to be deleted too? If so, how soon?

They need to be deleted on shortest timeline of any material data referenced in the metadata.

  1. What about hard copy printouts?

Forensically destroyed on the same timeline.

But regardless: mass surveillance and mass propaganda are illegitimate, and storing data from mass surveillance for two years is similarly illegitimate. It should never be collected. Therefore, the guideline of two years is absurd.

Frank Wilhoit October 18, 2016 3:27 PM

Oversight works where there is the will to make it work, and not otherwise. Issues of craft do not enter into the question at all. The definition of oversight is that there is a body (A) whose permission is necessary for any operation to proceed and (B) that is biased against giving that permission. Miss out either of these conditions and you do not have oversight, you have the deliberately-misleading illusion of oversight.

Bruce Schneier October 18, 2016 3:41 PM

@Ross Snider:

Yes, I know you — and I, and others — can fill in answers. And we’ll all like the ones we fill in. The point is how to ensure that the courts and the NSA technologists agree on the answers where it matters, in this relatively simple instance and in much, much more technically complicated instances.

Dan Hill October 18, 2016 3:53 PM

An interesting article, but I think the authors paint the problem as more complex than it is. Take question 4. Does any really think that if the IT group had assumed a nightly batch job met the spirit of the law anyone would have objected? I would be pissed at the ACLU for wasting the money I give them if they brought a lawsuit like that.

Honest mistakes are normally distributed. In the NSA context, honest misinterpretations would be just as likely to decrease the scope of data collection/analysis as to increase it. It’s hard when so much is secret, but I haven’t heard any stories about the NSA doing less spying that is legal and constitutional. Which tells me the problem is one driven by a fundamental cultural problem in the organisation i.e. a desire to collect and analyse everything.

In a different culture, one that put constitutional protections first, it would be easy to derive liberty-maximising default answers to all the questions posed in the example. Then, if the NSA didn’t like those answers, they would go through a deliberate process of confirming whether something more is legal.

Ross Snider October 18, 2016 3:55 PM

@Bruce Schneier

Absolutely I do think you are right that the oversight of powers need to be on the same page about which limitations are in orders and how to interpret those limitations (as we’ve seen secret interpretations are common practice). I also get that this is the point.

On a generalized note, we might want the legislature and law to be on the same page as the oversight committees and we might want the people to be on the same page as the legislature.

I think that’s where my comment had been going with its addendum at the end: there’s a lot of hands in this giant bureaucracy, and the centers that wield certain kinds of powers (surveillance and propaganda as examples, but also torture, assassination, sabotage, extraordinary rendition, support of foreign terrorist organizations, etc) are separated in perspective not just from oversight committees but from the American public itself – much of this because the types of force given to these centers of power are not widely considered legitimate.

I think perhaps that’s where your post was going as well: public scrutiny and a shared understanding about the justification, use and limitation of capability with the public understanding would go a long way toward democratizing that power.

I’m not sure that the public has the ‘stomach’ to understand that the surveillance and propaganda capabilities centered in the NSA are about state power rather than anti-terrorism or anti-boogymen. So I’m less hopeful that true transparency can be found.

Anordnung 17364/323d/(A1205b) October 18, 2016 4:21 PM

Beltway legal hacks Hennessey and DeLong are in high dudgeon. It hurt their feewings when they got caught shitting on the peoples’ rights. First they packed the PCLOB with heel-clicking ignoramuses so they could ignore the supreme law of the land with which domestic legislation at all levels must be brought into compliance, unambiguously articulated for implementation by the most highly qualified publicists:

http://hrlibrary.umn.edu/gencomm/hrcom16.htm
http://www2.ohchr.org/english/bodies/hrc/docs/gc34.pdf

Then when they could hide from real law they made up lots of fake law. They churned out red tape to confuse the compliant dimbulbs on their rubber-stamp FISC. Now they’re trying to bore you into submission with the minutia of their tortured justifications for manifestly illegal acts.

Is Lawfare in some sort of bell jar or anechoic chamber? It must be. Otherwise these bureaucrats could never come out and say that ridiculous bullshit about integrity and a nation of laws. They seem to think that no one’s on to them, that people take them for a legitimate government and not a criminal enterprise. This is an agency that committed millions of felonies and got away with it; an agency that selects noncombatant victims for widespread and systematic murder, torture, or disappearance constituting crimes against humanity.

The only possible solution is to make sure third-rate shysters Hennessey and Delong are first in line for the short drop at Nuremberg II, when the Russians get fed up.

Riccardo Cabeza October 18, 2016 4:41 PM

given republican obstructionism and penchant for more government power, oversight will never happen and the US will continue to incrementally slide forever closer to fascism.

No one will ever be accountable, Deep State wins again.

Wok October 18, 2016 5:14 PM

@Anordnung

NSA isn’t exactly an operational agency in the sense of going out to the battlefield to commit murder. Best to be specific when referring to who is responsible for what action when it comes to claims of killing noncombatants.

@Riccardo Cabeza

When it comes to the Intelligence Community, obstructionism against oversight and meaningful controls are a bipartisan activity. Conversely, those who wish to narrow the breathtaking capabilities and access the NSA has are bipartisan in nature as well.

This isn’t a topic that fits well into partisan buckets. Best to put partisan grudges asides here as they, unusually enough, don’t appear relevant.

Anon10 October 18, 2016 5:27 PM

The effectiveness of all intelligence programs is inversely proportional to what’s publicly known about them. The NSA needs less public scrutiny not more.

Tony H. October 18, 2016 6:20 PM

@Bruce Schneier:
Yes, I know you — and I, and others — can fill in answers. And we’ll all like the ones we fill in. The point is how to ensure that the courts and the NSA technologists agree on the answers where it matters, in this relatively simple instance and in much, much more technically complicated instances.

Thing is, this is a list of fatuous questions which pretty much everyone here will answer the same way. But the questions attempt to frame the debate, and distract from discussing more realistic questions about the entire episode.

There is a pattern here from at least one of these authors. In another Lawfare article on a kiddy porn investigation we see the same kind of framing questions purportedly for a court (and even defense attorneys!) to consider, but which completely misdirect attention away from the likely explanation of NSA and parallel construction, and toward pseudo technical issues of why independent experts must at all costs not be allowed to see the details of a supposed FBI TOR exploit.

Daniel October 18, 2016 6:23 PM

I fundamentally disagree with claims such as “secrecy is toxic”. At worst it is wrong and at best it frames the issues in the wrong way (cf, Bruce’s “eternal right to privacy”). The underlying problem isn’t whether something is secret or not, the underlying problem is the fact that the government gets to play by one set of rules and everyone else gets to play by another set of rules that constrains and confines them in ways the government doesn’t have to deal with. And then we have idiots such as Wittes blasting Trump for flouting the rule of law. Seeesh, well I wonder where he learned that from??

Secrecy is not toxic, unrestrained power is toxic and the idea that FISA is or ever has provided meaningful restraint on any member of the intelligent services is laughable.

Daniel October 18, 2016 6:33 PM

“In many places I have separated different kinds of oversight: are we doing things right versus are we doing the right things?”

This is cute wording but in fact the rest of the post illustrates that while there might be a conceptual difference between the two things in practice they interact with each other. The first example given of when to wipe data is a illustration: when to wipe data is an ethical decision. You can’t escape that ethical issue by labeling the problem “technical”.

More broadly, asking the kind of question the authors are asking is a classical example of putting the cart before the horse. If the NSA is doing the wrong thing then no amount “technical” manipulation solves the directional problem. Indeed, I’d rather the NSA be fighting with the DOJ while trying to do the right thing then have the NSA and the DOJ cooperate while doing the wrong thing.

Anordnung 17364/323d/(A1205c) October 18, 2016 6:50 PM

@Wok

‘We track em, you whack em,’ will be perfectly clear to the tribunal. NSA is why Kareem Khan’s kid is dead instead of him.

Grauhut October 18, 2016 7:01 PM

@Bruce: “For the record, I would have defaulted to the NSA’s interpretation, which feels more accurate technically.”

Even if i don’t like the US IC System, since as a non US citizen it offers me no legal protection of my privacy, even if i served once in the same NATO club, i would have made the same mistake as the NSA. 🙂

Data in transit is not archived data and if someone writes about archived data i would have assumed he knows multiple forms of data, like me and only wants to limit access to the big fish tank. Would have made sense to me, no evil spirit needed.

clarity October 18, 2016 9:52 PM

Answers become a lot clearer when the parties involved aren’t trying to subjugate the spirit of privacy and oversight.

In the end, it’s a bunch of bs designed to distract and confuse.

Clive Robinson October 18, 2016 11:26 PM

@ Bruce,

Most of the “issues” are deliberately engineered to be so by the authors.

Take the “time” issue, it’s actually quite simple to resolve and the legal system it’s self has no problems with it[1].

Thus data be it meta or traffic that is collected, is collected at a certain date and time UTC. The data should be purged before it is two years old. Plain and simple.

The problem is the NSA lawyers pushing the envelope to try to say that they “must keep for two years exactly” and “you can not delete data,instantly”. Therefor they are smokescreening / bull shitting a time extension they have no legal right to, by claiming quite falsely it’s a hard problem.

They know what the problems are and how to deal with them, thus they should start the deletion process atleast that time period before the two year deadline. If they don’t and they fail to fully delete then they should be treated in a similar way to which the NSA treats those who missuse clasified documents.

Only when the penelties are raised to a high enough level and sufficiently enforced will this conspired nonsense stop.

In the UK utility companies due to their own failings would harass people almost endlessly. Their oft repeated excuse was “Computer Error”. Well one individual got so sick –literally– with the harassing behaviour she took British Gas to court under the civil part of the harassment act. Well it ended up infront of some of the most senior judges in the country, where it was decided that,

As computer systems are programed, maintained and run by humans within the organisation, then the computer systems therefore act under the direction of a controling mind within the organisation. Thus the computer is not at fault the humans are and the humans who are the controling mind are liable for any harassment.

So I suspect that the argument that the judiciary can not effectivly understand technology is moot. Because as the judges accuratly surmised it’s very much a human issue not a tool issue.

It’s often been said that a workman who blaims his tools is a poor one, and thus should not misrepresent himself as competent.

All I see is a couple of NSA “mouth pieces” blaiming their tools, thus neither they nor the organisation they represent is competent.

Perhaps a few US FISA judges should publically make the same observation, then perhaps things would start to change. And if they did not start to change or foot dragging kicked in, sticking a few of the NSA staff –especialy the legal ones– in a cell on contempt charges would cause the NSA seniors to “clean out the stables”.

Contrary to what this pair are arguing this is neither complex or unresolvable, so don’t get taken in buy the nonsense.

[1] Think about things like age from birthdays etc, the courts work on recognised calendars and the timezone in the jurisdiction concerned. They set up prohibition periods where you are not alowed to do an action before or after the end of the last second of that date. If you infringe on the wrong side of that epoch in any way then you are guilty, unless other defense can be shown, and again those are prescribed by law.

Peter Shenkin October 19, 2016 12:04 AM

I agree with Schneier and Grauhut. There’s no way that data in transit would be considered “archived” to anyone familiar with the term. If NSA made a mistake in interpretation, then certainly it is because FISA made an error in specification.

The article makes a big deal about the ease of misinterpretation, pointing out the difference between engineers and lawyers. However, they themselves describe their version of what happened – at both the technical and the legal level – so clearly that you don’t have to be either an engineer or a lawyer to understand it. Thus, at the “misinterpretation” level, I don’t think the lawyer/engineer dichotomy was at all the problem. At the level of misinterpretation, the problem (if their version of the story is accurate) was clearly FISA’s misuse of a term which, if they didn’t know what it meant, they shouldn’t have used at all. And again, at the level of misinterpretation, I would go farther than the authors in defense of NSA. I don’t think that FISA can seriously argue that NSA did not carry out what their order said; they can only argue that NSA did not carry out what the judges had in mind; but there’s no way NSA could read the judges’ minds. (Well, maybe NSA has technology that could do so, but if so, they did not bring it to bear. 🙂 )

However, the authors’ “Misrepresentation” rationale is tough to credit. They conclude, “In short, the lawyers were relying on the operational personnel to identify relevant errors, and the operational personnel were relying on the lawyers to know what was legally relevant.” But the excerpt they provide does not justify the conclusion that this mutual reliance was responsible for the misrepresentation. The excerpt provides an explicit description of an operational procedure in language that anyone, including even engineers ( 🙂 ), could understand. It was utterly clear. But it was also utterly wrong. It does not describe what the engineers were in fact doing. Yet, the operational people passed it as accurate. The most charitable interpretation I can imaginet is that they failed to read it and therefore failed to correct it.

Less charitable would be the guess that they saw it, noticed that it was inaccurate, but liked the legal conclusion, and figured they’d take it however they could get it. And after all, we’re tired of being distracted from our important work by these pesky legal issues, aren’t we?

Uncharitable would be the conclusion that neither FISA nor the NSA gives a damn about the law or the Constitution, and all they want to do is rubber stamp each other and keep the rest of us from discovering all the dirty things they’re doing. But I’m a liberal and therefore prefer not to think so ill of people. So, in the great liberal tradition of compromise, personally, I’ll stick with the “less charitable” conclusion.

{} October 19, 2016 12:04 AM

@Daniel

Secrecy is not toxic, unrestrained power is toxic

A simplistic, nevertheless mostly true formula:
secrecy + information = power = corruption

If you’re at all concerned about unrestrained power and corruption, then you ought to be worried about secrecy.

Peter Gerdes October 19, 2016 1:35 AM

5) Seems to be a non-issue. Ultimately, there has to be some duration immediately after which retained data is deemed to be an instance of non-compliance. Otherwise, one can easily prove that one can keep data for an arbitrary length of time without being in non-compliance.

Just don’t make the minimum time that things must be kept equal to the maximum time.

But just a nit-pick. Overall point stands.

Peter Gerdes October 19, 2016 1:43 AM

@Dan Hill

Your claim that the problem is less complex assumes that the only kind of violations will be well-intentioned technical breaches (using a daily batch job etc..).

There is equally well the possibility of delibrate use of ambiguity to evade restrictions. For instance, suppose one decides not to count data captured in backups past the time it was supposed to be deleted as an instance of non-compliance. Some need arises to access that data so someone creates an easy mechanism to locate and retrieve that data (presumably when retrieved there is some new justification for holding on to it for some period).

This definitely undermines the spirit of the rules but no one can be prosecuted for merely violating the spirit of the law, only the law itself. Thus, in the absence of a detailed working out of these questions there is the possibility of abuse.

Peter Gerdes October 19, 2016 1:56 AM

Finally, I fail to see how more public scrutiny could solve this kind of problem.

Ultimately, one can’t simply publish all internal documents, employee manuals, descriptions of software systems etc.. Even much less secretive government programs don’t simply publish all internal documents online (imagine if the exact procedure by which an audit was triggered were available online).

This means even with less secrecy we will be relying on summaries about the programs and those summaries will certainly not be prepared with the same level of care the mistaken report to the FISA court was. So even with less secrecy it seems plausible that the same kind of error in describing the actual process could easily occur.

An alternative solution is a bug bounty for incorrect description in legal documents describing NSA practice. Let the engineers at the agency earn bonuses by finding inaccuracies in the submitted documents.

David October 19, 2016 1:59 AM

Deleted after two years just means do not delete before two years. Anything after that, no matter how long, is after.

Jo Doform October 19, 2016 2:13 AM

The whole discussion looks childish to no end. It’s just lawyers raising questions to waste time and confuse people.

The answers to all should be “Yes, whatever way you or anyone else can think of.” And if they’re unsure, they should delete the stuff a day earlier to be on the safe side.

Grauhut October 19, 2016 2:32 AM

Peter Shenkin: “FISA made an error in specification”

I dont think this was an error of the FISA judges, it was just a misunderstanding.

From the judges point of view the NSA seems to be a big .gov archive (including retrieval systems) and the data was “archived” as soon as it arrived there by FISA definition.

MPAA October 19, 2016 2:51 AM

@Bruce Schneier “Yes, I know you — and I, and others — can fill in answers. And we’ll all like the ones we fill in. The point is how to ensure that the courts and the NSA technologists agree on the answers where it matters, in this relatively simple instance and in much, much more technically complicated instances.”

Had I rented a copyrighted video for two years, no one would defend me nitpicking such dumb questions on my allowed use of that video.

Why is it different when the NSA has two-year long rights on my private data ?

keiner October 19, 2016 4:21 AM

These questions are from the CIA handbook on how to sabotage instituions/organizations.

Don’t take these guys for serious with nonsense questions like this, the medieval and ancient sophists would have done the same, but on a much higher intellectual level. But overall the NSA/CIA is an insult for every clear thinking person when it comes to justifying there illegal doings.

graham October 19, 2016 6:12 AM

What does deleted mean?
What about backup systems used solely for disaster recovery?
What’s the legally-relevant unit of measurement for timestamp computation?
If a piece of data is deleted one second after two years, is that an incident of noncompliance?
Do those logs need to be deleted too? If so, how soon?
What about hard copy printouts?

I’m going to say that if these questions aren’t answered to a level that has agreement from technical, legal and IC end user audiences before implementation of that system begins, then the system doesn’t have oversight.

That sounds like an easy solution, but making it meaningful in practice is highly complex.

That’s we we hire Top People, right?

Curious October 19, 2016 7:12 AM

Presumably, the following are basic problems of anything related to understanding something with language (anything you can describe with words really):

• lack of knowledge (being incompetent)
• lack of memory (being incompetent)
• not being honest when you know better (deceit, obfuscation)
• not being forthright and thus not telling the whole truth (unreasonable)
• personal, institutional, or a cultural bias
• corruption (ethical, moral, and criminal)

and

• making generalizations
• relying on generalizations
• intellectual fraud (fallacious and/or missing/omitted arguments)
• hearsay issues (exactly who is making an argument/statement?)

Related topics (about meaning, important for interpretation):
• “death of the author” (bias)
• “deconstrucion” (context)
• “the problem of representation” (general absurdity of life)
• anything to do with language and history of language
• and lots more probably

Curious October 19, 2016 9:00 AM

“What does deleted mean? Does it mean make inaccessible to analysts(…)”

I suspect that a lot of adults can be stupid, regardless of their pay grade.

To be specific, what I mean by adults being stupid, is thinking of how an adult person might have the habit of making use of synonyms, instead of using words that would better help describe something for sake of clarity.

Not only would it be important to be able to explain something clearly (for whatever reason), but it would be equally important to be clearly poignant (and maybe even expressively so), else there could become a sport of someone wanting to more freely try interpret things.

CallMeLateForSupper October 19, 2016 9:50 AM

“Consider this example: a court order might require that ‘all collected data must be deleted after two years’.”

That niggling qualifier, “collected”, has no place there… except to give cover to excluding certain data from destruction.

It would not be the first time that NSA adopted a novel definition of a common word for its own benefit. It is an example of what @Bruce speaks to at the end of his next-to-last paragraph.

Peter S. Shenkin October 19, 2016 10:45 AM

@Grauhut:, who wrote: {Peter Shenkin: “FISA made an error in specification”

I dont think this was an error of the FISA judges, it was just a misunderstanding.

From the judges point of view the NSA seems to be a big .gov archive (including retrieval systems) and the data was “archived” as soon as it arrived there by FISA definition.}

Hi,

Since “archive” is not a legal term, neither the lawyers nor the operational people at NSA could be expected to understand that FISA used the term in something other than its common technical sense. It may be true that “from the judges’ point of view” any data streamed to the NSA seemed to be an archive; but, as I said, NSA cannot be assumed to be able to read the judges’ minds. If that’s what the judges meant, they should not have used the term “archive” (or any other term) to qualify “data”. They should have just referred to “data” without qualifying the term, if they meant all the data. The fact that they qualified the term “data” would I think be taken by anyone to assume that they don’t mean all the data. FISA are presumably good enough lawyers to understand that; and once that conclusion has been drawn, how else could it be interpreted than in the common technical sense of the term “archive”?

So it does seem to me that the judges did not say what they meant (assuming that they are being candid about what they meant and not just trying to cover their asses for a decision they later regretted), and that FISA is therefore to blame for the “misinterpretation”, but of course not for the subsequent “misrepresentation,” which is entirely on NSA’s back.

-P.

Humble Peasant October 19, 2016 11:21 AM

FISA is a rubber stamp. Everyone knows that. Every-one.

All the alleged agonizing over definitions is BS. All it means is a paycheck for the attorneys on both sides. They all know at the end of the day it’s “wink-wink” and NSA can have whatever they want, FISA will approve and it’s because the legal obstacles will be defined away.

The mission is everything. The rule of law is nothing. Because:

Security.

It’s a very dangerous situation. So far there hasn’t been mass violence against the peasantry, but if necessary the attorneys will find a way to authorize mass detention and death of us peasants and FISA will rubber stamp it as always.

Clive Robinson October 19, 2016 12:37 PM

@ Peter S. Shenkin,

I dont think this was an error of the FISA judges, it was just a misunderstanding.

Err no, it’s nothing of the sort. Judges are very carefull and precise with the language they use. They use a standard dictionary (The OED in the UK, not sure which one it is in the US but the Library of Congress will have decided which).

As lawyers the two authors would no this from a fundemental part of their training.

Thus it does not matter a tinkers cuss what meaning the technicians might ascribe to a word as it is compleatly irrelevant. The meaning the judge ascribes is the only one that matters, and it would have been upto the two authors when in their positions within the NSA to make that absolutly crystal clear to the technical people, no ifs buts or maybes. If they did not they were derelict in their duties and could thus be disbared from practicing law.

Thus the article is just a “snow job” for the NSA to try to hide behind when pushing the envelope. The fact that they are alowed to get away with it tells you just how low US jurisprudence has sunk in these areas. To use an old saying, “lower than a snakes belly in a wheel rut”.

Clapper October 19, 2016 12:39 PM

Why “after” in “all collected data must be deleted after two years”? That implies “no sooner than” two years.

Why would there be a prohibition on deleting it ASAP? They should be allowed to delete it whenever they want as long as it’s no later than two years. I’m sure that a bunch of smart lawyers can craft bulletproof language. Are the only smart lawyers involved in this process the ones working for the NSA?

EvilKiru October 19, 2016 2:26 PM

@David, @Clapper: When something must be deleted after two years it means that after two years, no copies must exist, but it’s fine if you delete them sooner. After all, this is about how long they are permitted to retain the data, not how long they are mandated to retain the data.

Just Passin' Thru October 19, 2016 3:19 PM

It seems to me that if something has to be deleted “after 2 years”, then the solution is real easy. Delete it after 23 months.

Better yet, change the wording of the “requirement”, to “delete it before it’s 25 months in your possession”.

Similar wordsmithing can be used to clarify and simplify other issues like archiving, and date specifications.

Anon10 October 19, 2016 5:57 PM

@Clive

Err no, it’s nothing of the sort. Judges are very carefull and precise with the language they use. They use a standard dictionary (The OED in the UK, not sure which one it is in the US but the Library of Congress will have decided which).

As lawyers the two authors would no this from a fundemental part of their training.

This is totally false. There is no such thing as a “standard dictionary” which all judges or lawyers are required to use in the US. One reason that judges sometimes split in US court cases is the majority opinion selects the definition in dictionary A and the minority opinion selects the definition in dictionary B.

Daniel October 19, 2016 6:17 PM

@{} who writes, “A simplistic, nevertheless mostly true formula: secrecy + information = power = corruption.”

The problem with this simplification is that it ignores the way that power scales with organization. There is a limited amount of corruption one person can achieve all by himself, alone in the wilderness. On the other hand there is a great deal of damage a corrupt organization like the NSA can do (assuming it is in fact corrupted.)

That’s important because it suggests that we need to think differently about “state secrets” vs “individual privacy”. In both cases something is hidden but that doesn’t mean we should treat them in the same way.

Anon10 October 19, 2016 6:20 PM

@Tony

Thing is, this is a list of fatuous questions which pretty much everyone here will answer the same way.

Most people on here might answer the questions the same way, but the group think here is hardly the only interpretation. Take what it means for something to be deleted. I bet the average person, and probably even the average judge, would consider a file “deleted” after it’s been sent to the recycle bin.

Clive Robinson October 19, 2016 7:52 PM

@ Anon10,

This is totally false. There is no such thing as a “standard dictionary” which all judges or lawyers are required to use in the US.

I think you are confusing thr meanings of “standard” and “specified”.

The nuts and bolts explanation is, nuts and bolts are manufactured to a standard of which there are several in both metric and imperial measurements. However when put to use in a product the “standard” to use is “specified”.

There are as I indicated several standard works for dictionaries. The overly generalised rules to make it a standard work is that it should be available to all as a refrence, consistantly compiled and the definitions given should be both reasonable and recognisable as being in common usage of the words within.

One issue with all standard dictionaries is concurancy with societal norms of usage. Society moves and languages live, thus the common definitions of words change.

One such word is “manufacture” originaly it ment “made by hand” few would agree with that definition today.

What are not standard works are the domain specific dictionaries, all of which have an Orwellian quality to them (see 1984 and “newspeak”). Often such dictionaries are either not or not readily available outside of the field of endevor or place in which it is carried out, they can and have been called “jargon”.

We have already seen this newspeak / jargon issue with the NSA, where internal to parts of the organisation words cease to have a common usage, for reasons that are at best unclear. Several words that relate to the process of obtaining, communicating, storing and processing both meta-data and content-data had far from normal definitions within the NSA which in effect alowed senior members of the NSA to mislead to their advantage those involved with oversight of the NSA.

On the rare occasion words are used outside of the standard definitions judges take pains to make the meaning well defined within the context of the usage, such that any argument can be followed clearly both currently and in future times such that case law remains consistant.

Thus as I said the two attorneys would definitely know this and it is their job to explain to the required detail the explicit definition of a judges words to their client / employer. To not do so would be a knowing dereliction of their duty to their client / employer.

If you read the part that is quoted above, they are weaseling about by saying,

    NSA engineers must then make a list for the NSA attorneys:

Which to be blunt is not the way it should be done. The attorneys as officers of the court, should explain the scope and specific meaning of the judges words, to the engineers who are in effect the client. The attorneys should then ask the engineers exactly what the work flow is for the data and then advise on each step clearly documenting their legal advice.

Anon10 October 19, 2016 8:57 PM

@Clive

I agree that words would have a common meaning unless otherwise specified, but definitions are not as uniquely defined as you would take them to be. Take the word archived, the first bing search result is the freedictionary, which provides:

  1. often archives A place or collection containing records, documents, or other materials of historical interest: old land deeds in the municipal archives.
  2. Computers
    a. A long-term storage area, often on magnetic tape, for backup copies of files or for files that are no longer in active use.
    b. A file containing one or more files in compressed format for more efficient storage and transfer.
  3. A repository for stored memories or information: the archive of the mind.

There’s four separate definitions, which could lead to different legal interpretations from one dictionary, and that’s from a general purpose, not domain specific dictionary.

gordo October 20, 2016 1:00 AM

Without seeing the application, the Lawfare piece is mere assertion.

RE: “In short, the NSA had implemented a part of that program using an erroneous interpretation of the term ‘archived data’ that appeared in the court’s order” (par. 1).
https://www.lawfareblog.com/understanding-footnote-14-nsa-lawyering-oversight-and-compliance

In that regard, and unless I’m mistaken,* the below copy might be helpful:

Unclassified

Office of the Inspector General
U.S. Department of Justice
Oversight & Review Division 15-05 May 2015

A Review of the FBI’s Use of Section 215 Orders: Assessment of Progress in Implementing Recommendations and Examination of Use in 2007 through 2009

  1. May 23, 2006, Section 215 Application

The records sought by the FBI on behalf of the NSA in the May 23, 2006, Section 215 application were all telephone call-detail records, or telephony metadata, maintained as business records by certain telecommunications carriers. The application sought the production of metadata on an ongoing basis for the duration of the period covered by the Court order. This metadata is a
defined term in the application … .

The purpose of this bulk collection of data, as explained in the application, was to allow metadata analysis, which the application called a significant tool available to the U.S. government in its conflict with [redacted]. According to the application, the call-detail records provided to the NSA on an ongoing basis would be placed in an archive. The NSA could then run “queries” against this archive to identify [redacted]. The queries would attempt to identify communications links to individuals reasonably suspected of being [redacted] (an intelligence technique known as “contact chaining”) [redacted]. According to the application, the telephone numbers selected by the NSA to query the archive would be known telephone numbers for which, “based on the factual and practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a reasonable articulable suspicion that the telephone number is associated with [redacted] “terrorist organization,” … .

According to the application, the NSA estimated that only a tiny fraction (0.000025 percent or one in four million) of the call detail records included in the archive were expected to be analyzed. … .

The FISA application proposed restrictions on access to, and the processing and dissemination of, the data collected. … .

The application also pointed to several mechanisms for oversight of the use of meta data, including the creation of a capability to audit NSA analysts with access to the metadata, and the destruction of collected metadata after a period of 5 years. (document pp. 47-48 / PDF pp. 56-57)

https://info.publicintelligence.net/DoJ-FBI-Section215-2007-2009.pdf

  • “archived data” = “collected metadata”, i.e., “this bulk collection of data”.

Somewhat on-topic:
I find the term, “Essentially contested concept”, a nice cultural lens, as well.
https://en.wikipedia.org/wiki/Essentially_contested_concept

…and in relief: http://burnaway.org/feature/theory-studio-archive-expressive-form/

Lastly, over-the-top, and in a manner of speaking, “The Problem: According to the Captain and Cool Hand Luke”, i.e., Footnote 14., https://www.youtube.com/watch?v=aSdXtQ5G30w

Tim van Beek October 20, 2016 7:08 AM

In Germany every company is supposed to comport to both privacy protection laws (from the EU, federal law and state law) and to accounting laws. The former demand data deletion, the latter demand data storage.

Meaning, every single company in Germany has to ask and answer all the questions posed above. And all of them do. And many more, complex ones. And none of that is much of a problem.

vas pup October 20, 2016 12:04 PM

Bruce Schneier • October 18, 2016 3:41 PM
You touched the nerve.
When you have vague content in laws, any other kind of legal regulations (including contracts) it creates ambiguous legal environment. As result courts are final destination (not proper) to provide clarification and reconcile positions of involved parties on particular vague content. In this case winner is not who is right, but who’s legal team is better prepared, i.e. have more power or financial resources.
Suggestion: all legal documents (and laws first of all)should be subjected to linguistic analysis to eliminate possible ambiguity before going into effect – see International Law Agreements or Contracts as example which have at the very beginning set of clear (for all signing party)definitions on all terms (e.g. what kind of ton is in usage). That brings all parties on the same page upfront.
Vague laws create huge space for discretion and/or selective application (honest or biased) by officials of executive branch, and bring substantial financial burden on parties involved and court system.

r October 20, 2016 9:52 PM

“has to be deleted after two years”

How soon after 2 years?

10 years is after 2 ears.

200 years if after 2 years.

I think the idea for a linguistics check on the wording is a great idea.

r October 24, 2016 4:03 PM

@Humble Pheasant,

It’s considerably easier than letting the legal beagles out of their cage, think Missouri think Texas… It’s only a matter of time, if we couldn’t identify JFK’s assassin what makes you think that when that tree falls in the forest of oblivion we’ll actually hear the break?

Curfew.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.