Report: FBI's PATRIOT Act Snooping Goes Beyond Business Records, Subject To Few Restrictions

from the 'just-metadata'-means-whatever-the-FBI-can-obtain dept

A report by the FBI's Office of the Inspector General (OIG) on the agency's use of Section 215 collections has just been released in what can only be termed as "fortuitous" (or "suspicious") timing. Section 215 is dying. It was up for reauthorization on June 1st, but the Obama administration suddenly pushed that deadline up to the end of this week. Sen. Mitch McConnell took a stab at a clean reauth, but had his attempt scuttled by a court ruling finding the program unauthorized by existing law and the forward momentum of the revamped USA Freedom Act. And, as Section 215's death clock ticked away, Rand Paul and Ron Wyden engaged in a filibuster to block any last-second attempts to ram a clean reauthorization through Congress.

The report focuses mainly on the FBI's 2007-2009 use of the program in response to previous OIG recommendations and alterations ordered by the FISA court. As is to be expected in anything tangentially-related to the NSA, it's full of redactions, especially in areas where a little transparency would go a long way towards justifying the FBI's belief that the program should continue in a mostly-unaltered state.

Redactions like this do absolutely nothing to assure the public that the program is useful and/or considerate of citzens' rights.


Areas dedicated to discussing controls of the obtained data are similarly obscured. Whatever policies the FBI adopted in terms of minimization, dissemination and oversight at the recommendation of the OIG are covered in black ink.







What information does actually make its way past the redactions shows that what's collected (and turned over to the FBI) goes far beyond the "just" telephone metadata often claimed to be the primary target of the program's collections.

Far from being just business records -- something the public supposedly has no 4th Amendment-related privacy interest in -- the Section 215 program also allows the FBI to obtain "non-public" records and data.
In the 2008 report, we recommended that the Department implement minimization procedures for the handling of nonpublicly available information concerning U.S. persons in response to Section 215 orders…
More sentences scattered throughout the report hint at expansive collections going far beyond the business records covered by the Third Party Doctrine. As noted in the report, reauthorizations of the Patriot Act expanded the program's reach far beyond what was allowed in its earliest iterations -- from business records from certain approved sources to "any tangible thing." This, combined with a continually-lowered threshold for "relevance" has resulted in the following:
We found that [redacted] of [redacted] applications submitted to the FISA Court on behalf of the FBI requested materials related to Internet activity. [p. 7]

Materials produced in response to Section 215 orders now ranges from hard copy reproductions of business ledgers and receipts to gigabytes of metadata and other electronic information. [p. 8]

We reviewed [redacted] related Section 215 applications that requested subscriber and transactional information for [redacted] e-mail accounts from U.S. providers. [p. 40]
The report also notes that minimization procedures do not apply to "publicly-available information," possibly indicating that the FBI's interpretation of the Third Party Doctrine allows it to retain and search non-relevant information on US persons, as well as disseminate it freely without fear of breaching its internal policies. The FBI's "Final Procedures" -- adopted in the wake of the FISA court's smackdown of the NSA, as well as on the recommendation of the OIG -- only applies to "nonpublicly available information."

The OIG also cautions that technological advances have blurred the line between communications and metadata and warns the FBI that vigilance will be needed to keep the two separate. This statement points to the eventual development of further minimization procedures, but if it's anything like the last set of OIG recommendations, it will be years before the FBI gets around to putting anything in motion.
We found the Supplemental Orders significant because the practice began almost 3 years after the Department was required by the Reauthorization Act to adopt specific minimization procedures for material produced in response to Section 215 orders, and over a year after we found that the Interim Procedures implemented by the Department in September 2006 failed to meet the requirements of the Reauthorization Act. The Department and FBI ultimately produced final minimization procedures specifically designed for Section 215 materials in 2013. The Attorney General adopted the FBI Standard Minimization Procedures for Tangible Things Obtained Pursuant to Title of the Foreign Intelligence Surveillance Act on March 7, 2013 (Final Procedures), and in August 2013 the Department began to file Section 215 applications with the FISA Court which stated that the FBI would apply the Final Procedures to the Section 215 productions.

Given the significance of minimization procedures in the Reauthorization Act, we do not believe it should have taken 7 years for the Department to develop minimization procedures or 5 years to address the OIG recommendation that the Department comply with the statutory requirement to develop specific minimization procedures designed for business records
The report also contained details on numerous instances of potential abuse of the Section 215 collections. Most of these discussions are redacted, but one reveals enough information to indicate the FISA Court was used to obtain information pertaining solely to a US person, as well as other intriguing (but mostly censored) incidents where FBI agents apparently felt FISA Court orders were more useful and expeditious than National Security Letters -- something of an anomaly for an agency that has so thoroughly abused its administrative privileges.

What is clear from these heavily-redacted recountings is that the FBI uses court orders designed for foreign intelligence gathering for domestic investigations, as well as to aid the agency in its cyberwar efforts.

The report also takes note of the severe restrictions imposed by the FISA court in 2008 after uncovering widespread abuse of the metadata collections by the NSA. It points out that several of these restrictions were lifted after an end-to-end review showed no instances of abuse by the agency during the period examined. In addition to confirming that the NSA collects from providers (plural) -- despite the government's arguments to the contrary when disputing plaintiffs' standing in Section 215-related lawsuits -- the report also points to the FBI and NSA obtaining records they shouldn't have had access to by an overly-helpful telco.
[N]SD reported to the FISA Court in March 2011 that in December 2010 and January 2011 NSA technical personnel discovered that the telephony metadata produced by a telecommunications provider included [redacted]. NSA contacted the carrier and was informed that a software change made in October 2010 resulted in this occurrence. According to the NSD's compliance notice filed with the Court, beginning on or about January 14, 2011, the telephony metadata did not include [redacted]. The NSA subsequently provide updates to the FISA Court describing the methods taken to purge the [redacted] from its databases.
And, as is the case with nearly every FBI document release, there's some over-redaction that serves no purpose other than to make the agency look foolish.
In June 2013, former NSA contract employee Edward Snowden caused to be publicly released documents relating to the bulk collection of telephony metadata and the Office of the Director of National Intelligence has since declassified aspects of this program. We have included a description of the NSA program, [redacted] in the body of this report.

The Department relied on [redacted] to obtain FISA Court orders [redacted].
So much for the transparency push. Despite leaks and declassification in response, the FBI withholds information already in the public domain.

Additionally, the document could have shed some light on the FBI's current Section 215 activities, but instead the agency has chosen to hide every last bit of discussion on its ongoing efforts. [pp. 68-72]


FBI head James Comey continues to insist there needs to be a discussion about the respective weighting of security and privacy, but heavily-redacted documents like these do not add to that discussion. How is the public supposed to weigh these two factors if it can't access the FBI's arguments in favor of Section 215's continued existence? The only purpose this document serves is to give legislative true believers something to wave around as they defend the Patriot Act's perpetual, unaltered renewal.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Namel3ss (profile), 21 May 2015 @ 2:09pm

    "Section 215 is dying."

    About goddamn time IMNSHO.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2015 @ 2:09pm

    History repeats itself

    We know what happens when large institutions are given unchecked power. We need to learn our lesson.

    https://video.pbs.org/video/2365459906/

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2015 @ 2:17pm

    Oversight ... 6 years later

    Is this the report that's supposed to happen semi-annually?

    reply to this | link to this | view in chronology ]

  • icon
    layman101 (profile), 21 May 2015 @ 2:32pm

    the unconstitutionality of SCA 18 U.S.C. 2703 (d)

    Greeting...

    Notwithstanding the fact that there is much good that can come from the legitimate (warrant based on probable cause ) acquisition of Cell Site Location Information (stored or real time), as of now, the location of wherever you carry your cell phone is recorded by your cellular service provider. In other words for the last several years every place you've traveled while your cell phone was in your possession, on or off, has been recorded and saved and can be handed over to the police like candy.
    Oh I'll just get around that by carrying burners (disposable phones). Well guess what, if you have your regular cell phone on you when you are carrying your burners the cops have a map of everyplace you visited. All they have to do is pull all phone numbers (personal phone and your burner phone (s) that has traveled the same exact path from cell tower to cell tower and thus get the numbers to your burners. This can be achieved by only having your regular legitimate phone number.
    We pass through hundreds of cell towers every day. If you have 2, 3, or 4 phones in your car every several seconds they send out signals to cell phone towers and this is how your location is mapped. Your 2,3, or 4 phones are the only phone that will have traveled that same map so by them having your regular phone number they can easily get your burner numbers as well...Wow...Now I understand why crime is down.
    If you've been cheating on your spouse at a hotel that info is saved waiting to be pulled.
    If you commit a crime at a particular time and you have your cell phone on you...busted.
    If you did a drug deal and had your regular phone on you and a year later dude gets caught and tells...guess what? You was there...busted.
    If you live an alternative lifestyle (undercover) and you visit those types of establishments ....guess what...there's a record.
    If you just want to be alone, guess what...they have a record of that.
    This is the way to defeat this violation...
    In order to prevail on the issue of historical CSLI and its requiring of a warrant to obtain, one must first attack the constitutionality of SCA 18 U.S.C. 2703 (d) which allows the obtaining of historical CSLI with a court order.
    SCA 18 U.S.C. 2703 (d) is unconstitutional because the U.S. Supreme Court decisions of Lustig, Byars, and countless succeeding federal and state cases that says, 'anytime the government (police, federal agent, etc) uses a private citizen/entity (cellular service provider) as its agent in acquiring evidence against someone this evokes the full ponoply of constitutional protections'(ie...a warrant based on probable cause).
    What has officiated all cellular service providers status as "agents for the government" is the "nexus" that was created in or around 2000 when the government's FCC issued a set of rules, called the Enhanced 911 rules (E911 rules), that mandated all wireless carriers to collect precise location information in the near future in order to improve the delivery of emergency services...See "The Mobile Wireless Web, Data, Services and Beyond: Emerging Technologies and Consumer Issues, pg. 9… published by the Federal Trade Commission, by Robert Ptofsky February, 2002,..see
    https://drive.google.com/file/d/0B1q7pqeJ0PWGbmJqNVVkVnJSN0h4cHRSQ2hyWnZienR5YlJz/view?usp=sharing
    When you view this book/pamphlet you will get a unique uncorrupted view of the mindset from a diverse consortium of individuals who we at the forefront of pioneering cellular technology, rules, and safeguards.
    For instance, at the workshop which the aforementioned book is a overview of, there was consensus as to the uncertainty of who CSLI (historical and realtime) belongs to.
    We the People deserves to know who designated CSLI the property of cellular providers when said ownership was clearly uncertain back in 2000.
    We the People deserve to know how, who, when, and where the original intent of the government to collect this information for E911 purposes evolved to criminal investigations.
    We the People deserves to know how the keenest legal minds in the United States allowed legislators to enact SCA 18 U.S.C. 2703 (d) knowing full well cellular providers were government 'agents' and thus any information acquired by them at the behest of the government could only be turned over by abiding by the strictest of constitutional protections.
    Notwithstanding the meritorious work and energy sacraficed by our hardworking legislators… We the People deserve to know if any other legislators who helped to vote SCA 18 U.S.C. 2703 (d) into being profited from the 5 to 9 billion dollar a year average the Harris Corporation (HRS) made over the years since this unconstitutional enactment. The Harris Corporation is the company that makes and sells the devices that capture CSLI and they have been selling these devices such as the stingray to police departments throughout the U.S. .
    We the people deserve to know if any of these legislators had investments in Harris Corporation, or its subsidiraries, or in any one of the investment companies that hold Harris Corp stock and thus profited from the more than $100 billion dollars made to investors as a direct result of their unconstitutional vote.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2015 @ 2:39pm

    There's no real surprises here. When you break the law, do so intentionally, you should expect to receive the attention of the legal department. When you hide the data that would provide transparency it is because you have things to hide. Things that would not stand the light of day. When you do it to the public it tells you where your concerns are. Which is to say don't tell the public what we are up to.

    There's now been confirmation that much of what is collected under the section 215 is illegal. Despite two years of Obama and crew hollering to anyone that would listen and the very first things out of the security branches spokespersons mouths were they were legal. They've been exposed in a trap of their own lies. It is now proven you can not trust the security branches to come clean with the oversight committees in charge of overseeing. There is effectively no oversight at all beyond claims of it.

    This whole business needs gone. The Patroit Act needs to sunset, entirely.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 May 2015 @ 5:37pm

      Re:

      "When you break the law, do so intentionally, you should expect to receive the attention of the legal department."

      Unless you are some rich entitled ass with connections.

      reply to this | link to this | view in chronology ]

  • icon
    layman101 (profile), 21 May 2015 @ 3:41pm

    quotes

    The Wise and Honorable Justices have said in Union Pac. R.Co.V.Botsford. 141 U.S. 250,at 251, " No right is more carefully guarded, by the common law, than the right of every individual to the possession and control of his own person, free from all restraint or interference of others, unless by clear and unquestionable authority of law."....and...

    The Well-balanced Justices of the court has said in Terry v Ohio 392 U.S. 1, at 15 "Under bour decision, courts still retain their traditional responsibility to guard against police conduct which is overbearing or harassing, or which trenches upon personal security without the objective evidentiary justification which the Constitution requires. When such conduct is identified, it must be condemned by the judiciary and its fruits must be excluded from evidence in criminal trials".....and...

    The Honorable and Well respected Justice Frankfurter has said in Lustig v United States, 338 U.S. 74, at 78-79, "[A] search is a search by a federal agent if he had a hand in it***the decicive factor in determining the applicability of the Byars case is the actuality of a share by a federal official in the total enterprise of securing and selecting evidence by other than sanctional means. It is immaterial whether a federal agent originated the idea or joined in it while the search was in progress. So long as he was in it before the object of the search was completely accomplished, he must be deemed to have participated in it."...also...

    The Prestigious Justices of the court have said in Byars v United States, 273 U.S. 28, at 33-34, " The Fourth Amendment was adopted in view of long misuse of power in the matter of searches and seizures both in England and in the colonies; and the assurance against any revival of it, so carefully embodied in the fundamental law, is not to be impaired by judicial sanction of equivocal methods, which, regarded superficially, may be seen to challenge the illegality but which, in reality, strike at the very substance of the constitutional right."...

    In closing, our juducial system is not perfect but is a system that can work if we meticulously safeguard all elements of our Constitution. When we sacrifice one mustard seed weight of our constitutional rights for whatever reason the end result can only lead to chaos and nonconformity in our courts decisions ...as we see today with this issue. This, in addition to the snowballing detrimental effects from such violation(s).

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2015 @ 3:41pm

    That first redacted document...

    2007 to 2009. That's the date of the requested records. And it's aggregated data. They can't even tell us the TYPES of data requested 6-8 years ago?

    I can understand not wanting to compromise an ongoing investigation, but releasing this data wouldn't do that.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2015 @ 3:46pm

    Redacted

    I █████████████████████
    ████████████ █████████
    ██████████████████████

    Thank you.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 21 May 2015 @ 4:01pm

    You've got your papers, we've got ours

    The only purpose this document serves is to give legislative true believers something to wave around as they defend the Patriot Act's perpetual, unaltered renewal.

    If they do try and use this heavily redacted document to defend the mass spying, someone needs to bring up the various reports and findings regarding said spying, in particular the bits that found them not only illegal/unconstitutional, but the fact that despite claims to the contrary they've been shown to be completely and utterly useless at their stated purpose.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2015 @ 7:14pm

    Long but not a filibuster

    Rand Paul and Ron Wyden engaged in a filibuster to block any last-second attempts to ram a clean reauthorization through Congress.

    As inspiring as Paul/Wyden's words were (and they were truly awesome), they did not actually constitute a filibuster and we don't know yet if their words will influence enough other Senators to block anything. McConnell has filed cloture on both the USA Freedom Act and the 60 day extension of the Patriot Act so the Senate will vote on both this Saturday (i.e., nothing was blocked, so it wasn't a filibuster).

    reply to this | link to this | view in chronology ]

  • identicon
    All march together so everybody looks the same..., 21 May 2015 @ 8:19pm

    Your IP is a business record

    So is the destination IP have people been asleep for the past 20 years? really WTF why is anyone surprised, even Schneier claimed to be surprised that TLS was compromised especially compromised by THE BACK DOOR mandate in export law for strong encryption.. seriously has anyone been paying attention, most crypto since the 80's has been funded by DARPA and the NSA, does anyone remember the NSA crying poor us we only have CRAYS in the 90's anyone, ANYONE?

    I just don't have enough facepalms

    Those that willfully ignore history want to repeat it.. FFFFFFFFFFFFFFFSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS.!

    reply to this | link to this | view in chronology ]

    • icon
      James Burkhardt (profile), 22 May 2015 @ 12:00am

      Re: Your IP is a business record

      interesting note DES was actually improved by the NSA. Took security researchers 20 years to prove it. they also made it slightly weaker to brute force attacks by reducing the key length, but the changes they made to the algorithm made it more resistant to other forms of cracking.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 May 2015 @ 6:29am

    "Just trust us".

    reply to this | link to this | view in chronology ]

  • identicon
    JB Smith, 25 May 2015 @ 9:35am

    They are getting rich torturing and stealing - FBI are criminals.

    The American Reinvestment and Recovery Act and the brain initiative are the worst scams ever perpetrated on the American people. Former U. S. Surgeon General Regina Benjamin Warns: Biochips Hazardous to Your Health: Warning, biochips may cause behavioral changes and high suicide rates. State Attorney Generals are to revoke the licenses of doctors and dentists that implant chips in patients. Chip used illegally for GPS, tracking, organized crime, communication and torture. Virginia state police have been implanting citizens without their knowledge and consent for years and they are dying! Check out William and Mary’s site to see the torture enabled by the biochip and the Active Denial System. See Terrorism and Mental Health by Amin Gadit or A Note on Uberveillance by MG & Katina Michael or Safeguards in a World of Ambient Intelligence by Springer or Mind Control, Microchip Implants and Cybernetics. Check out the audio spotlight by Holosonics.

    “Former Defense Advanced Research Projects Agency (DARPA) director and now Google Executive, Regina E. Dugan, has unveiled a super small, ingestible microchip that we can all be expected to swallow by 2017. “A means of authentication,” she calls it, also called an electronic tattoo, which takes NSA spying to whole new levels. She talks of the ‘mechanical mismatch problem between machines and humans,’ and specifically targets 10 – 20 year olds in her rant about the wonderful qualities of this new technology that can stretch in the human body and still be functional. Hailed as a ‘critical shift for research and medicine,’ these biochips would not only allow full access to insurance companies and government agencies to our pharmaceutical med-taking compliancy (or lack thereof), but also a host of other aspects of our lives which are truly none of their business, and certainly an extension of the removal of our freedoms and rights.” Google News

    The ARRA authorizes payments to the states in an effort to encourage Medicaid Providers to adopt and use “certified EHR technology” aka biochips. ARRA will match Medicaid $5 for every $1 a state provides. Hospitals are paid $2 million to create “crisis stabilization wards” (Gitmo’s) where state police torture people – even unto death. They stopped my heart 90 times in 6 hours. Virginia Beach EMT’s were called to the scene.
    Mary E. Schloendorff, v. The Society of New York Hospital 105 N. E. 92, 93 (N. Y. 1914) Justice Cardozo states, “every human being of adult years and sound mind has a right to determine what shall be done with his own body; and a surgeon who performs an operation without his patient’s consent, commits an assault, for which he is liable in damages. (Pratt v Davis, 224 Ill. 300; Mohr v Williams, 95 Minn. 261.)

    This case precedent requires police to falsely arrest you or kidnap you and call you a mental health patient in order to force the implant on you. You can also be forced to have a biochip if you have an infectious disease – like Eboli or Aids. Coalition of Justice vs the City of Hampton, VA settled a case out of court for $500,000 and removal of the biochip. Torture is punishable by $1,000 per day up to $2 million; Medical battery is worth $2.05 million.

    They told my family it was the brain initiative. This requires informed, knowledgeable consent. Mark Warner told me it was research with the Active Denial System by the College of William and Mary, the USAF, and state and local law enforcement. It is called IBEX and it is excruciating. If you are an organ donor, they volunteer you.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.