FISA Judge: NSA misrepresented themselves, violated the Constitution

A federal judge said in a recently declassified opinion, issued during his time serving on the Foreign Intelligence Surveillance Court, that the National Security Agency misrepresented themselves and violated the Constitution for several years.

After the Electronic Frontier Foundation (EFF) won their lawsuit to obtain an 86-page opinion from the secret Foreign Intelligence Surveillance Court (FISC) issued in October of 2011, the government released the redacted version on Wednesday, as written by Judge John D. Bates.

In it, Judge Bates outlines the NSA's Fourth Amendment violations as they go about collecting intelligence, including upstream ISP traffic, and how the agency collected as many as 56,000 completely domestic communications per year, for several years. Yet, according to the opinion, the court was just now learning that the nature of the information the NSA said they were collecting was fundamentally different.

"The court is troubled that the government's revelations regarding NSA's acquisition of Internet transactions mark the third instance in less than three years in which the government has disclosed a substantial misrepresentation regarding the scope of a major collection program& Contrary to the government's repeated assurances, NSA had been routinely running queries of the metadata using querying terms that did not meet the standard for querying," Judge Bates wrote in his opinion [PDF].

Related: NSA collected thousands of domestic communications in 2011

"The government's submissions make clear not only that NSA has been acquiring Internet transactions since before the Court's approval of the first Section 702 certification in 2008, but also that NSA seeks to continue the collection of Internet transactions&"

At issue is the wholesale collection of Internet and telecommunications data, which by law is supposed to be largely restricted in scope, with regard to what is collected and why, as well as restricted as to content. However, the FISC ruled that the NSA overstepped their bounds, and collected far more data than was previously approved. Going so far as to mislead the court as to what exactly was being collected and examined.

Two years later, the NSA says they have changed the way data is collected and processed, but documents leaked by Edward Snowden, and recent reports from the Wall Street Journal, bring the FISC's condemnation and accusations back into the spotlight. The assumption being, if they misled the courts on three separate occasions, what's to prevent further instances?

On Monday, the Wall Street Journal (citing both current and former officials as sources) says that the NSA has developed a surveillance network that has the ability to cover more than 75 percent of all U.S. Internet traffic. In some cases, this collection network retains the written content of emails written by citizens, as well as VoIP-based phone calls.

"The programs, code-named Blarney, Fairview, Oakstar, Lithium and Stormbrew, among others, filter and gather information at major telecommunications companies," the Wall Street Journal reported.

"This filtering takes place at more than a dozen locations at major Internet junctions in the U.S., officials say. Previously, any NSA filtering of this kind was largely believed to be happening near points where undersea or other foreign cables enter the country."

In a statement, U.S. Senator Ron Wyden, who himself is a strong critic of the NSA's surveillance programs, said that the release of the declassified ruling was long overdue. Despite the changes made since 2011, he added, the data collection described within the ruling was a "serious violation of the 4th Amendment and demonstrates even more clearly the need to close the back-door searches loophole" that allows American communications to be collected without warrant if they are caught in the dragnet while the NSA conducts foreign intercepts.

[Related: 6 ways we gave up our privacy]

"Moreover, the ruling states that the NSA has knowingly acquired tens of thousands of wholly domestic communications under section 702 of the Foreign Intelligence Surveillance Act, even though this law was specifically written to prohibit the warrantless acquisition of wholly domestic communications. The FISA Court has noted that this collection violates the spirit of the law, but the government has failed to address this concern in the two years since this ruling was issued," the Senator added.

Mirroring the Senator's thoughts, the ACLU issued a statement calling for stronger oversight, as the declassified ruling provides further proof that current mechanisms are far too feeble. Moreover, the ACLU notes that the opinion further serves as a reminder of "how incredibly permissive our surveillance laws are" adding that this kind of surveillance "is unconstitutional, and Americans should make it very clear to their representatives that they will not tolerate it."

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about EFFElectronic Frontier FoundationNational Security AgencyNSAWall Street

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Steve Ragan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place