The FBI Is Abusing The All Writs Act To Gain Access To Millions Of Travel Records

from the not-how-the-Third-Party-Doctrine-works dept

When the Fourth Amendment limits your surveillance plans, just go private. That seems to be the standard operating procedure for law enforcement agencies.

When cops aren’t willing to canvas neighborhoods to find crime suspects, they just head to Google and ask for info on everyone who happened to be in the area. When they want more data on suspects they’re tracking, they don’t run subpoenas by judges. They just tap into collections of data harvested from breaches and malicious hacking, all compiled and collated by private companies for easy searchability. And when the CBP decides its own ALPR database just doesn’t have enough plate photos in it, it taps into Vigilant’s stash of 9 billion plates even as it admits it may not have the legal authority to do so.

The FBI does the same thing. Thomas Brewster reports for Forbes that the FBI has taken an expansive view of the Third Party Doctrine to grab records from a private company that complies records related to several different businesses. The company is Sabre, a publicly-traded entity that compiles travel bookings. First formed in 1964, the company, which began as a division of American Airlines, now handles bookings for nearly every major airline, hoovering up data on a third of world’s air travelers.

Sabre gained a lot of traction as an investigative tool following the 9/11 attacks in 2001. But it continues to be used as a convenient compilation of travel records, sparing the FBI (and others) from approaching several different companies with subpoenas.

Brewster has dug up some recent documents detailing Sabre’s relationship with the FBI.

[A]s detailed in one international cybercrime investigation, Sabre can be compelled to proactively watch and report on a persons’ whereabouts as soon as they start travelling. In an order from December 2019, feds asked Sabre to provide the FBI with “real-time” updates on the travel activities of a hacking suspect, an Indian fugitive called Deepanshu Kher. Sabre was told to provide “complete and contemporaneous ‘real time’ account activity information of the traveler [Kher] on a weekly basis” for six months. Sabre would provide “any travel orders, transactions or reservations” for the suspect.

The order goes on to note law enforcement has already tapped Sabre’s vast stores of travel data to assist in three other investigations dating back to 2016. This appears to be an abuse of a very old legal doctrine — one that dates back much, much further than even the 2001 attacks. The All Writs Act (b. 1789) is in play here, and it appears to be allowing the FBI to skirt subpoena requirements to go to a compiler of third party records, rather than the original source of those records.

[Attorney Mark Zwillinger {who represented Apple in the San Bernardino case}] says that if it wants to leverage the All Writs Act, the government has to show a third party is necessary and close enough to the matter at hand. With Sabre, given there were other ways of getting the information on Kher’s travel, such as records of him entering the U.S. via Customs and Border Protection databases, that necessity was questionable.

There are also questions on the “reasonableness of the burden” on Sabre, another requirement for All Writs Act orders, he adds. “In one particular order, it might not be that burdensome, but once you start to get some volume here, then it really turns Sabre into a sort of … government agent every time they want to find a fugitive.”

This isn’t how the Act is supposed to work. The FBI is aware of the limits of the Act and its duty to comply with Constitutional rights and applicable law. Unfortunately, the first check on abuses like this is the federal court system, and it appears to be fine with the FBI imposing a burden on a third party one step removed from the original travel records. The second check is the recipient of bogus orders like these. But Sabre doesn’t appear to be willing to call the government on its bullshit, allowing the FBI to continue defining the “third party” part of Third Party Doctrine as being anyone holding records created by someone else.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “The FBI Is Abusing The All Writs Act To Gain Access To Millions Of Travel Records”

Subscribe: RSS Leave a comment
7 Comments
anonymous says:

Re: Do they pay?

If they aren’t allowed to request it legally, then they should not be allowed to purchase it with your tax money; however, I was referring to the process by which the DoJ get telephone companies to do trap-and-trace actions. They pay for the action to take place because it requires an (albeit small) action on the part of the telco. There should be a line-item on SABRE’s financial statements indicating incoming payments from the USDoJ for ‘services rendered.’

Leave a Reply to Anonymous Coward Cancel reply

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...