from the 'just-metadata'-means-whatever-the-FBI-can-obtain dept
A report by the FBI's Office of the Inspector General (OIG) on the agency's use of Section 215 collections has just been released in what can only be termed as "fortuitous" (or "suspicious") timing. Section 215 is dying. It was up for reauthorization on June 1st, but the Obama administration suddenly pushed that deadline up to the end of this week. Sen. Mitch McConnell took a stab at a clean reauth, but had his attempt scuttled by a court ruling finding the program unauthorized by existing law and the forward momentum of the revamped USA Freedom Act. And, as Section 215's death clock ticked away, Rand Paul and Ron Wyden engaged in a filibuster to block any last-second attempts to ram a clean reauthorization through Congress.
The report focuses mainly on the FBI's 2007-2009 use of the program in response to previous OIG recommendations and alterations ordered by the FISA court. As is to be expected in anything tangentially-related to the NSA, it's full of redactions, especially in areas where a little transparency would go a long way towards justifying the FBI's belief that the program should continue in a mostly-unaltered state.
Redactions like this do absolutely nothing to assure the public that the program is useful and/or considerate of citzens' rights.
Areas dedicated to discussing controls of the obtained data are similarly obscured. Whatever policies the FBI adopted in terms of minimization, dissemination and oversight at the recommendation of the OIG are covered in black ink.
Far from being just business records -- something the public supposedly has no 4th Amendment-related privacy interest in -- the Section 215 program also allows the FBI to obtain "non-public" records and data.
In the 2008 report, we recommended that the Department implement minimization procedures for the handling of nonpublicly available information concerning U.S. persons in response to Section 215 orders…More sentences scattered throughout the report hint at expansive collections going far beyond the business records covered by the Third Party Doctrine. As noted in the report, reauthorizations of the Patriot Act expanded the program's reach far beyond what was allowed in its earliest iterations -- from business records from certain approved sources to "any tangible thing." This, combined with a continually-lowered threshold for "relevance" has resulted in the following:
We found that [redacted] of [redacted] applications submitted to the FISA Court on behalf of the FBI requested materials related to Internet activity. [p. 7]The report also notes that minimization procedures do not apply to "publicly-available information," possibly indicating that the FBI's interpretation of the Third Party Doctrine allows it to retain and search non-relevant information on US persons, as well as disseminate it freely without fear of breaching its internal policies. The FBI's "Final Procedures" -- adopted in the wake of the FISA court's smackdown of the NSA, as well as on the recommendation of the OIG -- only applies to "nonpublicly available information."
Materials produced in response to Section 215 orders now ranges from hard copy reproductions of business ledgers and receipts to gigabytes of metadata and other electronic information. [p. 8]
We reviewed [redacted] related Section 215 applications that requested subscriber and transactional information for [redacted] e-mail accounts from U.S. providers. [p. 40]
The OIG also cautions that technological advances have blurred the line between communications and metadata and warns the FBI that vigilance will be needed to keep the two separate. This statement points to the eventual development of further minimization procedures, but if it's anything like the last set of OIG recommendations, it will be years before the FBI gets around to putting anything in motion.
We found the Supplemental Orders significant because the practice began almost 3 years after the Department was required by the Reauthorization Act to adopt specific minimization procedures for material produced in response to Section 215 orders, and over a year after we found that the Interim Procedures implemented by the Department in September 2006 failed to meet the requirements of the Reauthorization Act. The Department and FBI ultimately produced final minimization procedures specifically designed for Section 215 materials in 2013. The Attorney General adopted the FBI Standard Minimization Procedures for Tangible Things Obtained Pursuant to Title of the Foreign Intelligence Surveillance Act on March 7, 2013 (Final Procedures), and in August 2013 the Department began to file Section 215 applications with the FISA Court which stated that the FBI would apply the Final Procedures to the Section 215 productions.The report also contained details on numerous instances of potential abuse of the Section 215 collections. Most of these discussions are redacted, but one reveals enough information to indicate the FISA Court was used to obtain information pertaining solely to a US person, as well as other intriguing (but mostly censored) incidents where FBI agents apparently felt FISA Court orders were more useful and expeditious than National Security Letters -- something of an anomaly for an agency that has so thoroughly abused its administrative privileges.
Given the significance of minimization procedures in the Reauthorization Act, we do not believe it should have taken 7 years for the Department to develop minimization procedures or 5 years to address the OIG recommendation that the Department comply with the statutory requirement to develop specific minimization procedures designed for business records…
What is clear from these heavily-redacted recountings is that the FBI uses court orders designed for foreign intelligence gathering for domestic investigations, as well as to aid the agency in its cyberwar efforts.
The report also takes note of the severe restrictions imposed by the FISA court in 2008 after uncovering widespread abuse of the metadata collections by the NSA. It points out that several of these restrictions were lifted after an end-to-end review showed no instances of abuse by the agency during the period examined. In addition to confirming that the NSA collects from providers (plural) -- despite the government's arguments to the contrary when disputing plaintiffs' standing in Section 215-related lawsuits -- the report also points to the FBI and NSA obtaining records they shouldn't have had access to by an overly-helpful telco.
[N]SD reported to the FISA Court in March 2011 that in December 2010 and January 2011 NSA technical personnel discovered that the telephony metadata produced by a telecommunications provider included [redacted]. NSA contacted the carrier and was informed that a software change made in October 2010 resulted in this occurrence. According to the NSD's compliance notice filed with the Court, beginning on or about January 14, 2011, the telephony metadata did not include [redacted]. The NSA subsequently provide updates to the FISA Court describing the methods taken to purge the [redacted] from its databases.And, as is the case with nearly every FBI document release, there's some over-redaction that serves no purpose other than to make the agency look foolish.
In June 2013, former NSA contract employee Edward Snowden caused to be publicly released documents relating to the bulk collection of telephony metadata and the Office of the Director of National Intelligence has since declassified aspects of this program. We have included a description of the NSA program, [redacted] in the body of this report.So much for the transparency push. Despite leaks and declassification in response, the FBI withholds information already in the public domain.
The Department relied on [redacted] to obtain FISA Court orders [redacted].
Additionally, the document could have shed some light on the FBI's current Section 215 activities, but instead the agency has chosen to hide every last bit of discussion on its ongoing efforts. [pp. 68-72]
FBI head James Comey continues to insist there needs to be a discussion about the respective weighting of security and privacy, but heavily-redacted documents like these do not add to that discussion. How is the public supposed to weigh these two factors if it can't access the FBI's arguments in favor of Section 215's continued existence? The only purpose this document serves is to give legislative true believers something to wave around as they defend the Patriot Act's perpetual, unaltered renewal.