Please note that the difficulty is not because I used any sort of special "anonymizing" routers or servers to disguise either my identity or location. Rather, the very nature of the information in the packets is what is causing us problems. All the outer layers of the packets need to move the packet along from one server to the next are the IP addresses of the servers in question. The inner layers have information about the identity of the sender and receiver these have no location information and very little identity information.

Tapping The Clients

If our spy moves his tap closer to the sender or the receiver, then location information becomes more obtainable. If the sender is using a mail client on their own machine, if they can tap the connection from outlook to the exchange server, or from Apple Mail or sendmail to the first SMTP server in the change, then the IP address on the outer layers of the protocol will at least imply geographic information... for the sender. But since the recipient doesn't have to be online in order for the sender to send the message, there is NO information about the location of the receiver. The law requires that both the sender and the recipient be foreigners not located in US jurisdiction in order for Constitutional protections to not apply.

One possible solution is to record the information at the time the message is sent that identifies the sender and their location and to hold it until the recipient fetches the mail. Then, if the recipient is also not protected by the constitution, it is safe to spy on the message without any form of warrant. But what if the reader is located in the US (or is determined to be a US person)? Then the message cannot be collected.

OK, so what if when the message is sent we record only the outer envelopes but not the content and tie it to the fact that this particular message was sent from in the US, put its ID in a database and then when the message with that ID is read determine the location of the recipient and only capture the content at that point? That might be Constitutional. Might. But it still requires the storing of a lot of information to be stored an correlated. And it only works if the users' mail clients are on the machine where they are located. These days, a lot of mail is sent and received with a web-based client like Google's Gmail. In that case, it is the sender's and receiver's web traffic that must be monitored, and tied to their email messages.

In order to capture email traffic that is not Constitutionally protected, a huge an d complex system that correlates a lot of separate transactions between web browsers and web servers, mail clients and mail servers has to be captured and correlated and the traffic has to be tapped close enough to the actual user clients to have the addresses of the client machines on it. Capturing it in the cloud in the above diagram, when all you have are server addresses is not enough. It doesn't tell you anything about the location of the people.

Simple Counter-Measures

So far as I can tell, by trying to understand the design problems involved in building a system to tap unprotected traffic, this is the sort of system you would have to build. And, as outlined so far, it is easily defeatable. Going back to my email message above, the one from Mohamed.Atta@alQaeda.org to FISAexample@gmx.co.uk, if "Mohamed.Atta" and FISAexample each use a webmail system to send and receive their mail, and connect to it over a secure link, it will become very difficult to make the association. Let me illustrate.

Suppose I connect to https://gmx.co.uk/—note that I'm using HTTPS and not merely HTTP. All anyone will be able to tell is that I have a secure encrypted connection to GMX. When I log in as FISAexample, they won't see what account I am logging into, so when I compose and send an email message they won't know either the sender or the recipient's email addresses in order to correlate them with the IP address of the machine that I was physically using. Tying me and my location to the message that "Mohamed.Atta" reads will be impossible, unless they crack the HTTPS encryption, or actually monitor the internals of the gmx.co.uk server located in Germany.

The solution to this is s huge data mining operation. If they manage to record all of the secure connections to the gmx.co.uk servers, and I have a regular pattern of communications with "Mohamed.Atta" and other "persons of interest", then they might be able to statistically demonstrate that there is a high probability that I am the FISAexample who sent the message. And of course "Mohamed.Atta" can always use HTTPS as well.

To solve the general case, what you have to do is have a database of virtually all of the HTTP, HTTPS and SMTP connections in the internet, then you can demonstrate that there is a reasonable probability that a given message was between non-US persons located outside the US and thus beyond Constitutional protections—all in order to keep on doing what foreign intelligence agencies have always been free to do, spy on the nation's foreign enemies outside the US.

And that was the simple case!

Please note that our current laws don't just have two classes of people: those who are protected by the Constitution and require a warrant and those who are not, who may be freely spied upon. There are also specific individuals that you have a warrant for, and those you have a FISA warrant for, and so on. Each class is defined by a set of rules and a set of warrants and court orders that have specific timeframes associated with them.

Note, too, tat you don't absolutely have to have a tap in at the time that the subjects connect their client machines to the servers. There are other people who may have that information and you might be able to get it from them. And that's where "Section 215" business records orders, "National Security Letters", FISA "tangible thing" orders and the like come in. If you tap the cloud and you have a message that contains serious actionable intelligence of vital importance, you might be able to demonstrate after the fact that it was unprotected. If you can demand the log files from an ISP to show the identity and the connection details of the sender and recipient and can show that they were non-US persons outside the US, or one of the people you have a warrant or a FISA warrant for, then it was Constitutionally safe.

And so we come to the answers of why "targeting procedures" and "minimization procedures" become so important, why the use of NSLs has skyrocketed, why they and Section 215 orders have such draconian gag orders associated with them. Simply put, the hundreds of years old legitimate practice of spying on your foreign enemies has become entangled with spying on protected communications. You can't do the one without sweeping up at least some of the other. And arguably now is not the best time to give up what has worked for hundreds of years just because the technology of communications has advanced.

But if vital foreign intelligence is now entangled with protected communications, then it is vital that procedures be instituted where trusted people, operating under serious oversight, and regular review of the procedures by which surveillance is targeted and collateral violations of the rights of the innocent are minimized are conducted. Which is probably which some folk who claim to be very concerned with issues of Constitutionality and legality thought that the FISA Amendment Act of 2008 was "getting FISA right", even if we don't see it that way.

Get FISA Right?

Personally, I have come to be of the opinion that you cannot "get FISA right", that given the current network protocols, the requirements of the Constitution, and the need to do what has always been done, spy on the nation's real foreign enemies, there is no possible procedure that won't violate the rights of way too many innocents. Moreover, I would claim that this is not merely a legal and political problem. It is a technical one. Speaking as a technologist, as someone who has been on the net since 1974, when equipment owned and operate by the military and military contractors had open guest accounts by design, I think that we techies have to participate in solving it or it won't get solved, and that solution has to involve the fundamental technologies and standards of the net.

Just because we can't "get FISA right" doesn't mean that we give up on fixing the law. there are still things in the USA PATRIOT Act, the National Security Letter laws and procedures and the FISA Act that are much more dangerous and abusive of our rights than they have to be. Oversight could be stronger. The law is written by people, Congressmen, who have more faith in Congress and the Federal government than many or most citizens. We need to insure that there are multiple tracks of oversight. Executive Inspectors General and Cabinet level officials, Legislators, and Judges all have to involved in oversight. "Can't get it right... now" doesn't call for inaction. It calls for major action on multiple fronts, technical, legal and political.