Tag: telephone records

Retroactive Surveillance Immunity, Obama Style

There’s a lot to unpack in the Office of the Inspector General’s blistering 300-page report on illegal FBI abuse of surveillance authority issued last month, but I want to highlight one especially worrisome aspect, about which I spoke with The Atlantic’s Marc Ambinder earlier today.

The very short version of the report’s background finding is that, for several years, analysts at the FBI blithely and illegally circumvented even the minimal checks on their power to demand telephone records under the PATRIOT Act. I’ll go into this further in a future post, but there are strong indicators that the agents involved knew they were doing something shady. Thousands of records were obtained using a basically made-up process called an “exigent letter” wherein they ask for records with what amounts to an IOU promising legitimate legal process any day now. (In many of those cases, the legitimate legal process would not actually have been available for the records obtained.) Still more disturbing, an unknown number of records were obtained without even this fictitious process: Agents simply made informal requests verbally, by e-mail, or via post-it note. And hey, why bother with subponeas or National Security Letters when you can just slap a sticky on someone’s monitor?

Treated to a preview of the OIG’s damning conclusions, the FBI was eager to find some way to cover its massive lawbreaking. So they apparently crafted a novel legal theory after the fact, in hopes of finding some way to shoehorn their actions into federal privacy statutes.  On January 8—as in four weeks ago, years after the conduct occurred—the Office of Legal Counsel seems to have blessed the FBI’s theory, which unfortunately remains secret.  Democratic Sens. Russ Feingold, Dick Durbin, and Ron Wyden have asked the Justice Department for details, but at present we just don’t know what kind of loopholes DOJ believes exist in the law meant to protect our sensitive calling records.

Communications records are generally protected by Chapter 121 of Title 18, known to its buddies as the Stored Communications Act. The few snippets of unredacted material in the OIG report suggest that the FBI’s argument is that the statute does not apply to certain classes of call records. Presumably, the place to look for the loophole is in §2702, which governs voluntary disclosures by telecom firms.  There is, of course, an exemption for genuine emergencies—imminent threats to life and limb—but these, we know, are not at issue here because most of the records were not sought in emergency situations. But there are a number of other loopholes. The statute governs companies providing electronic communications services “to the public”—which encompasses your cell company and your ISP, but probably not the internal networks of your university or employer. The activity at issue here, however, involved the major telecom carriers, so that’s probably not it. There’s another carve-out for records obtained with the consent of the subscriber, which might cover certain government employees who’ve signed off on surveillance as a condition of employment. We do know that in some cases, the records obtained had to do with leak investigations, but that doesn’t seem especially likely either, since the FBI claims (though the OIG expresses its doubts about the veracity of the claim) that the justification would apply to the “majority” of records obtained.

My current best guess, based on what little we know, is this. The SCA refers to, and protects from disclosure to any “government entity,” the records of “customers” and “subscribers.”  But telecommunications firms may often have records about the calling activity of people who are not the customers or subscribers of that company. For example, reciprocal agreements between carriers will often permit a phone that’s signed up with one cell provider to make use of another company’s network while roaming. When these outside phones register on a network, that information goes to a database called the Visitor Location Register. You could imagine a clever John Yoo type arguing that the SCA does not cover information in the VLR, since it does not constitute a “subscriber” or “customer” record. Of course, it beggars belief to think that Congress intended to allow such a loophole—or, indeed, had even considered such technical details of cell network architecture.

My guess, to be sure, could be wrong. But that just points to the larger problem: The Justice Department believes that some very clever lawyerly reading of the privacy statutes—so very clever that despite the rampant “creativity” of the Bush years, they only just came up with it a few weeks ago—permits the FBI to entirely circumvent all the elaborate systems of checks and balances in place (or so we thought) to protect our calling records. If investigators can write themselves secret exemptions from the clear intent of the law, then all the ongoing discussion about reform and reauthorization of the PATRIOT Act amounts to a farcical debate about where to place the fortifications along the Maginot Line.

Sacrificing Liberties in the Name of Security

The new Justice Department Inspector General report finds that the FBI broke the law in seeking phone records.  Reports Jacob Sullum of Reason magazine:

In a report (PDF) issued today, Justice Department Inspector General Glenn Fine shows that the FBI routinely broke the law for several years by demanding telephone records through informal methods that were not authorized by statute. The abuses, which involved thousands of records, are especially striking because it is not very hard for the FBI to obtain this information legally. The Electronic Communications Privacy Act (ECPA) allows the bureau to demand records from phone companies through a “national security letter” (NSL) signed by the director or an official he designates. Under FBI policy, any special agent in charge can sign an NSL, which simply states that the records sought are “relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities.”

In 2003 FBI officials began dodging this minimal requirement by asking telecommunications carriers to suppy records without the legally required NSL “due to exigent circumstances” and promising to provide an NSL after the fact. These so-called exigent letters, which were often used when no emergency actually existed, were an extralegal contrivance that violated ECPA, bureau policy, and guidelines issued by the attorney general. The retroactive NSLs promised by the exigent letters often failed to appear because there was no authorized investigation to which they could be linked. To fix that problem, FBI officials resorted to another illegal procedure, issuing “blanket” NSLs tied to no particular investigation.

Even these pseudolegalities look downright upright next to the FBI’s other informal methods of obtaining records, which included requests by email, phone, post-it note, and in-person oral communication as well as “sneak peeks,” which were about as legitimate as they sound. The failure to follow the established NSL process is legally significant because ECPA prohibits telecom companies from disclosing customer records to the government except in specified circumstances. One of them is not when an FBI agent shows up at your office and says, “Mind if I take a look at that?”

The targets of the FBI’s illegal record grabs are unknown, with one major exception. “Some of the most troubling improper requests for telephone records,” the inspector general’s report notes, “occurred in media leak cases, where the FBI sought and acquired reporters’ telephone toll billing records and calling activity information without following federal regulation or obtaining the required Attorney General approval.” In 2008 FBI Director Robert Mueller apologized for the bureau’s improper snooping on foreign correspondents for The New York Times and The Washington Post.

Obviously, federal agencies require investigative authority to combat terrorism and other crimes.  But those investigations need to be conducted in accordance with the law and Constitution.  We must never forget that it is a free society which we are defending.