The Washington PostDemocracy Dies in Darkness

FBI and NSA violated surveillance law or privacy rules, a federal judge found

The J. Edgar Hoover FBI Building in Washington. (Astrid Riecken for The Washington Post)

Two of the nation’s largest surveillance agencies repeatedly violated either the law or related court orders in incidents reported last year despite training on the procedures set up to protect the privacy of U.S. persons, a federal judge found.

The FBI flouted the law and the National Security Agency ignored a rule to safeguard civil liberties when these agencies gathered or searched emails and other communications gathered from U.S. tech and phone companies, under a statute designed to produce foreign intelligence, ruled Judge James E. Boasberg, presiding judge of the Foreign Intelligence Surveillance Court, in a significant opinion made public Friday.

“It should be unnecessary to state that government officials are not free to decide for themselves whether or to what extent they should comply with court orders,” Boasberg wrote in the December 2019 opinion.

Read the FISA Court opinion by Judge Boasberg

The 83-page partially redacted ruling by Boasberg was released by the Office of the Director of National Intelligence. It focused on whether to approve a new set of rules enabling the FBI, NSA and CIA to continue collecting and searching millions of communications gathered from American companies under a law known as “Section 702” of the Foreign Intelligence Surveillance Act.

Passed in 2008 and renewed in 2017, the law is the most potent power Congress has granted U.S. spy agencies to gather intelligence on everything from terrorism to nuclear proliferation to foreign adversaries’ plans and intentions. Because of its reach, and the potential to scoop up innocent Americans’ communications, Congress and the courts have imposed rules on how the government can collect and use the data.

In a first, appeals court raises privacy questions over government searches for Americans’ emails

Though Boasberg was at times scathing in his criticism, he signed off on the new rules or “certifications,” saying he expected them to address the problems — a fact that dismayed privacy advocates.

“What would it take for the FISA court to say no?” said Elizabeth Goitein, co-director of the liberty and national security project at the Brennan Center for Justice.

Boasberg’s opinion was notable both for the pervasiveness of the transgressions documented and his seeming acceptance of the government’s defense, which is that many occurred before remedial measures were put in place last year.

“The FBI is really just starting to implement” some of its new procedures “on a comprehensive basis,” he wrote.

Nonetheless, he observed how “there still appear to be widespread violations” of the FBI’s standard for searching the data more than a year after the same court noted the violations.

That rule required FBI queries of the Section 702 information to be designed to be “reasonably likely” to retrieve foreign intelligence information or evidence of a crime. Instead, FBI personnel last year searched for information on a candidate for a local police officer job, on college students participating in a “Collegiate Academy,” on potential sources and on a victim who reported a crime, Boasberg documented.

And in perhaps the most startling example cited in the ruling, the FBI made a batch query of 16,000 people — the size of a small town — only seven of whom had an apparent link to criminal activity or foreign intelligence information. Some were U.S. citizens, though it is not known how many. The court did not say what the search was for.

The FBI maintained that the queries for all 16,000 people were reasonably likely to return foreign intelligence or evidence of a crime, Boasberg wrote, but he called that contention “unsupportable.”

A senior FBI official, speaking on the condition of anonymity to discuss the matter, said in an emailed statement that the issue of whether a query is likely to return foreign intelligence information is “very fact-sensitive.” The official said the bureau has retrained the entire workforce to know the standard.

The FBI violated the law, Boasberg said, when it accessed communications involving U.S. persons in cases where they were seeking evidence of a crime not related to national security, without first obtaining a court order. The violation was found through an oversight review of four field offices, though Boasberg said it is likely the violation was more widespread.

The incident resulted from the way information was showing up in a “preview pane” on an FBI system, said the senior FBI official on a briefing call with reporters. “So employees were running searches not realizing they were hitting [off-limits data],” the official said. The bureau took steps to prevent it from happening again, the official said.

The law’s targeting procedures are designed to prevent the NSA’s collection of wholly domestic communications — where both sender and receiver are U.S. persons. NSA personnel chose to ignore one of those procedures last year because they were worried they were losing foreign intelligence and because they felt the rule was no longer needed, as the agency had stopped a problematic form of collection, according to senior intelligence officials. The violation was discovered and reported to the court.

The agency did not pick up any domestic communications in that incident, but nonetheless the NSA purged the data, ODNI Privacy Officer Ben Huebner said in a briefing call with reporters.

“The point of having the court approve these procedures is, it’s not up to the agency to decide whether it’s reasonable to use them or not,” said Julian Sanchez, senior fellow at the Cato Institute. “It’s up to the court.