Section 702

This week we talk about STELLARWIND, 9/11, and the NSA.We also discuss warrantless surveillance, intelligence agencies, and FISA.Recommended Book: Period: The Real Story of Menstruation by Kate ClancyTranscriptImmediately after the terrorist attacks in the US on September 11, 2001, then President George W. Bush gave his approval for the National Security Agency, the NSA, to run a portfolio of significant and ever-evolving cross-agency efforts aimed at preventing future attacks of that kind, scale, and scope.The thinking behind this collection of authorizations to various US intelligence agencies, which would operate in tandem with the NSA, was that we somehow didn't see this well-orchestrated, complex plan coming, and though revelations in later years suggested we kind of did, we just didn't act on the intelligence we had, in those early, post-attack days, everyone at the top was scrambling to reassure the country that things would be okay, while also worrying that more attacks from someone, somewhere, might be impending.So the President signed a bunch of go-aheads that typically wouldn't have been signed, and the government gave a lot of power to the NSA to amalgamate the resulting intelligence data in ways that also wouldn't have previously been okay'd, but that, in those unusual circumstances, were considered to be not just acceptable, but desirable and necessary.This jumble of intelligence service activities, approved by the president and delegated to the NSA, became known as the President's Surveillance Program, and they were kept secret, in part because of how unprecedented they were, and in part because those in charge didn't want to risk their opposition—those they knew about, like Al Qaeda, but also those that might be waiting in the wings to attack the US while it was perceptually weakened and vulnerable—they didn't want to risk those entities knowing what they were doing, what they knew about, how they were collecting data, and so on.The info that was gleaned via these programs was compiled and stored in an SCI, which stands for Sensitive Compartment Information, and which refers to a type of document control system, a bit like Top Secret or Classified, in that it allows those running it to set what level of access people must have to view, process, use, or even discuss its contents, and this particular SCI was codenamed STELLARWIND.Among other activities, the programs feeding data into the Stellarwind SCI mined huge databases of email and phone communications, alongside web-browsing and financial activities; all sorts of tracking information that's collected by various components of intelligence, law enforcement, and other government and government-adjacent services were tapped and harvested.All of this data was then funneled into this one program, and though the degree to which this much information is useful up for debate, because having a slew of data doesn't mean that data is organized in useful ways, in 2004 the US Justice Department discovered that the NSA was not just collecting this sort of data when it was connected to foreign entities or entities that have been connected to terrorism, it was also collecting it from sources and people, including just average everyday Americans and small businesses that were doing no terrorism at all, and which had no links to terrorism, and it was doing so on American soil.After this discovery, then-President Bush said, well, the NSA is allowed to do that, that's fine, but they can only look at collected metadata related to terrorism—so they can collect whatever they want, sweep up gobs of information, file-away whatever drifts into their expansive and undifferentiating nets, but they're not allowed to look at and use anything not related to terrorism; and with that clarification to keep the Justice Department from doing anything that might hinder the program, the president reauthorized it that same year, 2004.There was disagreement within the government about the legality of all this, some entities saying that warrantless wiretapping of American citizens was illegal, even if the collected data was supposedly unusable unless some kind of terrorism connection could be ginned up to justify it. But those in charge ultimately decided that it would be irresponsible not to use these wiretapping powers the NSA wielded to protect American lives, and even said that Congress had no power to stop them from doing so, because it fell within their wheelhouse, that of defense against potential future foreign attack.All of the President's Surveillance Programs officially expired on February 1 of 2007, but new legislation that same year, and more in 2008, extended some of these activities, all with the justification of protecting the US from future terrorist attacks, and in 2009, a report published by the Inspectors General of the country's intelligence agencies found, in essence, that the now-retired President's Surveillance Program went way beyond what was allowed, in terms of collecting this sort of data without a warrant, and indicated that there was little oversight keeping folks from looking at data they weren't supposed to be looking at, while also indicating that the program probably wasn't very effective—so there was all this data, collected on dubious legal grounds, approved during a period of fear and perceived vulnerability, that was also becoming this a major headache for folks concerned about what amounted to a big, secret surveillance program that was targeting the very people it was supposedly meant to protect from terrorism, all in the pursuit of purported security benefits that were more theoretical than real.A former NSA codebreaker went on the record with WIRED magazine in 2012, outlining how the NSA was surveilling Americans in this way, which got the codename Stellarwind into the press as a consequence, and the following year, in 2013, the Washington Post and The Guardian published a draft of that 2009 Inspector General report that said the program was going far beyond the bounds of what was legal and right and effective—that draft leaked by NSA employee and subcontractor Edward Snowden.Further revelations based on that leak came out in 2014, at which point there was abundant public evidence that much of what was happening within the Stellarwind program was kept secret even after supposed earlier divulgences, and a lot of it was seemingly very illegal, though this program still functions in various capacities and at various scales, even now, in 2024.What I'd like to talk about today is a portion of the Stellarwind program that was recently extended, though not without controversy and pushback.—The Foreign Intelligence Surveillance Act, or FISA, was passed in 1978 in response to the fairly brazen and regular violations of Americans' privacy under the Nixon administration; namely that his government regularly spied on, and used intelligence and law enforcement services to mess with, political and activist groups that Nixon didn't like.FISA was meant to establish guardrails for when and how that sort of surveillance could be conducted, who could access the relevant data, and how it could be used—though notably, all of this applied to collecting intelligence in US territory; the rules are a lot looser when it comes to surveillance of non-americans in other countries.Among other things, FISA established the Foreign Intelligence Surveillance Court, which is a court that decides who can use these tools and access this data—they oversee the divvying-out of surveillance warrants—and FISA was the basis for all those President's Surveillance Programs following 9/11; so it was meant to prevent abuses of surveillance and intelligence tools by the US government against its citizens, and this general framework was used as a scaffolding for those enhanced surveillance powers the government gave itself after the 9/11 attacks; it was also a primary resource for those who found all those post-9/11 additional powers to be illegal oversteps.One evolution of FISA following September 11 was the introduction of what's called Section 702, which is provision that allows the US government to undertake targeted surveillance efforts against non US citizens outside the US, leveraging the full weight of the US government to do so, including but not limited to coercing telecommunications companies, like internet or phone companies, to hand over whatever data and recordings and such they might have available.Section 702 is meant to be very targeted and specific, never allowing the surveillance of any US citizen, anywhere, any person from any country who's in the US, or any foreign person located anywhere on the planet who is communicating with a US citizen—which is a technique that was previously leveraged by some components of Stellarwinds, the idea being that if you wanted to surveil an American but had no evidence they have links to terrorism, you would just capture their phone calls and other communications with non-Americans, and you'd be good to go.There's a fairly rigid set of protocols involved in using Section 702 for surveillance, including Department of Justice oversight on every targeting request, and opportunities to deny the collection of, or subsequent access to data that is collected by a sequence of analysts who are disconnected from those requesting said data.That's what the rules and processes for this provision say, anyway.In practice, Section 702 has allegedly been used to track members of Congress, journalists, victims of various sorts of crime, political donors, and protestors—targeting them for surveillance, but also used to search existing data that's already been collected, baselessly, via so-called "backdoor searches" with no connection to terrorism or anything else that would allow for the formal use of these tools, seemingly in violation of those supposed hardcore guardrails, at the behest of the FBI, CIA, and NSA. And this seemingly happens on a fairly regular basis—more than 200,000 warrantless, backdoor searches are performed each year.All of which adds interesting context to a recent congressional vote to reauthorize Section 702 for another two years, right as it was about to expire.This extension vote was laden with drama, in part because two major US internet companies said they would no longer comply if Section 702 wasn't renewed, as the government had had its request to keep collecting data for another year approved, but it no longer had legal backing to demand such data from companies, with the ability to coerce them to hand over digital communications data, like email and text records, if they denied more polite requests. So these companies said, well, you can collect whatever data you can get your hands on, but you can't get your hands on our data, anymore.There was also political drama, though, in the shape of former US President, and current Presidential candidate Trump's loudly stated antagonism toward renewing this provision, something that aligned him with privacy oriented groups that he typically doesn't like or align with.A vote that would have ended all warrantless searches on these sorts of communications failed to pass earlier in April, due to a tied 212 to 212 vote in the House, and another that would have accomplished a similar outcome and which was voted upon a few days later was defeated by just a handful of votes.The conflict here is seemingly that while there are significant and persistent privacy issues with this and related programs, it's also considered to be a potentially useful tool in the US intelligence community's utility belt. And though most politicians would like to be seen as defending the privacy of American citizen from prying government eyes, few want to be seen as hobbling its defense infrastructure, even if the defense value of this and connected programs have been questioned and challenged, time and time again.What eventually helped a Section 702 extension bill attain approval from Congress was a compromise that approved the extension of some components of it, that allowed it to take new communications technologies into account, arguably making it more useful for surveillance purposes while simultaneously increasing the privacy risks it poses, but pairing those add-ons with a shortened extension period, down from five years to two. Which means it's likely there will be another showdown over whether it should be extended in just a few years, at which point it can be killed or further edited, depending on how this new, slightly iterated version, is functioning at that point.All of which is interesting and newly relevant in part because we're stepping into what some have called a new Cold War, with all sorts of real-deal military conflicts on the ground threatening to expand and encompass more of the planet, alongside rifts in the relationships between behemoths like the US and China, which could erupt into larger versions of the same, if these governments aren't careful.At such moments, we tend to see more support for measures that give heightened power to governments and other defense-oriented entities, even at the expense of individual rights.So rather than clipping the wings of this and similar programs in a few years when renewal is once more on the docket, it may be that Congress further empowers it—depending on how today's conflicts play out, and how the relationships between the US and its primary rivals evolve in the meantime.Show Noteshttps://www.washingtonpost.com/national-security/2024/04/19/fisa-702-surveillance-internet/https://www.washingtonpost.com/national-security/2024/04/20/congress-extends-controversial-warrantless-surveillance-law-two-years/https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Acthttps://www.dni.gov/files/CLPT/documents/2023_ASTR_for_CY2022.pdf#page=24https://www.intelligence.gov/assets/documents/702%20Documents/declassified/2023/FISC_2023_FISA_702_Certifications_Opinion_April11_2023.pdf#page=89https://www.dni.gov/files/icotr/Section702-Basics-Infographic.pdfhttps://www.aclu.org/issues/national-security/warrantless-surveillance-under-section-702-fisahttps://www.brennancenter.org/our-work/research-reports/whats-next-reforming-section-702-foreign-intelligence-surveillance-acthttps://www.brennancenter.org/our-work/research-reports/fisa-section-702-civil-rights-abuseshttps://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Acthttps://www.nytimes.com/2024/04/20/us/politics/senate-passes-surveillance-law-extension.htmlhttps://en.wikipedia.org/wiki/President%27s_Surveillance_Programhttps://en.wikipedia.org/wiki/Sensitive_compartmented_informationhttps://en.wikipedia.org/wiki/Stellar_Wind This is a public episode. If you’d like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe