The FBI Is Abusing The All Writs Act To Gain Access To Millions Of Travel Records

from the not-how-the-Third-Party-Doctrine-works dept

When the Fourth Amendment limits your surveillance plans, just go private. That seems to be the standard operating procedure for law enforcement agencies.

When cops aren't willing to canvas neighborhoods to find crime suspects, they just head to Google and ask for info on everyone who happened to be in the area. When they want more data on suspects they're tracking, they don't run subpoenas by judges. They just tap into collections of data harvested from breaches and malicious hacking, all compiled and collated by private companies for easy searchability. And when the CBP decides its own ALPR database just doesn't have enough plate photos in it, it taps into Vigilant's stash of 9 billion plates even as it admits it may not have the legal authority to do so.

The FBI does the same thing. Thomas Brewster reports for Forbes that the FBI has taken an expansive view of the Third Party Doctrine to grab records from a private company that complies records related to several different businesses. The company is Sabre, a publicly-traded entity that compiles travel bookings. First formed in 1964, the company, which began as a division of American Airlines, now handles bookings for nearly every major airline, hoovering up data on a third of world's air travelers.

Sabre gained a lot of traction as an investigative tool following the 9/11 attacks in 2001. But it continues to be used as a convenient compilation of travel records, sparing the FBI (and others) from approaching several different companies with subpoenas.

Brewster has dug up some recent documents detailing Sabre's relationship with the FBI.

[A]s detailed in one international cybercrime investigation, Sabre can be compelled to proactively watch and report on a persons’ whereabouts as soon as they start travelling. In an order from December 2019, feds asked Sabre to provide the FBI with “real-time” updates on the travel activities of a hacking suspect, an Indian fugitive called Deepanshu Kher. Sabre was told to provide “complete and contemporaneous ‘real time’ account activity information of the traveler [Kher] on a weekly basis” for six months. Sabre would provide “any travel orders, transactions or reservations” for the suspect.

The order goes on to note law enforcement has already tapped Sabre's vast stores of travel data to assist in three other investigations dating back to 2016. This appears to be an abuse of a very old legal doctrine -- one that dates back much, much further than even the 2001 attacks. The All Writs Act (b. 1789) is in play here, and it appears to be allowing the FBI to skirt subpoena requirements to go to a compiler of third party records, rather than the original source of those records.

[Attorney Mark Zwillinger {who represented Apple in the San Bernardino case}] says that if it wants to leverage the All Writs Act, the government has to show a third party is necessary and close enough to the matter at hand. With Sabre, given there were other ways of getting the information on Kher’s travel, such as records of him entering the U.S. via Customs and Border Protection databases, that necessity was questionable.

There are also questions on the “reasonableness of the burden” on Sabre, another requirement for All Writs Act orders, he adds. “In one particular order, it might not be that burdensome, but once you start to get some volume here, then it really turns Sabre into a sort of … government agent every time they want to find a fugitive.”

This isn't how the Act is supposed to work. The FBI is aware of the limits of the Act and its duty to comply with Constitutional rights and applicable law. Unfortunately, the first check on abuses like this is the federal court system, and it appears to be fine with the FBI imposing a burden on a third party one step removed from the original travel records. The second check is the recipient of bogus orders like these. But Sabre doesn't appear to be willing to call the government on its bullshit, allowing the FBI to continue defining the "third party" part of Third Party Doctrine as being anyone holding records created by someone else.

Filed Under: 3rd party records, 4th amendment, all writs act, doj, fbi, privacy, travel records


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Norahc (profile), 21 Jul 2020 @ 4:14am

    Are you sure this shouldn't be filed under the "Duh" category?

    It seems like law enforcement has been trying to sidestep around the Constitution since June 22, 1788.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Jul 2020 @ 6:48am

    FBi has created more terrorism than they have prevented

    The FBI seems to be the source of domestic terrorism lately rather than the entitity that finds and stops it. Maybe they have changed tactics and our now working directly against the constitution and people that they were originally created to protect?

    reply to this | link to this | view in chronology ]

  • identicon
    anonymous, 21 Jul 2020 @ 7:02am

    re: SABRE

    No, they requested access to SABRE because it contains the identity of everyone travelling anywhere. The question should be, what part of SABRE's budget is paid by the U.S. DoJ.

    reply to this | link to this | view in chronology ]

  • icon
    AJ (profile), 21 Jul 2020 @ 12:05pm

    Do they pay?

    Is there a legal difference between the FBI demanding the data and them paying for it? If Sabre is willing to sell this data and it is being paid for, is there anything (short of passing New US Privacy legislation) that the courts could do to stop the FBI from buying it from them anyway?

    reply to this | link to this | view in chronology ]

    • identicon
      anonymous, 21 Jul 2020 @ 3:30pm

      Re: Do they pay?

      If they aren't allowed to request it legally, then they should not be allowed to purchase it with your tax money; however, I was referring to the process by which the DoJ get telephone companies to do trap-and-trace actions. They pay for the action to take place because it requires an (albeit small) action on the part of the telco. There should be a line-item on SABRE's financial statements indicating incoming payments from the USDoJ for 'services rendered.'

      reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 21 Jul 2020 @ 1:22pm

    Yah, I thought so.

    "breaches and malicious hacking, all compiled and collated by private companies for easy searchability."

    Is it a conspiracy theory if its happening?
    I had thoughts about all the hacking being done, and WHOM they were not pointing fingers at.

    Viva le, Shadowrun..

    reply to this | link to this | view in chronology ]

  • identicon
    ROGS, for lack of a better world, 23 Jul 2020 @ 10:54am

    DEFUND THE FBI

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.