But James E. Boasberg, the court’s presiding judge, said the violations occurred before the FBI improved its querying system and training program, and that the coronavirus pandemic has limited the government’s ability to monitor compliance.
“While the Court is concerned about the apparent widespread violations . . . it lacks sufficient information at this time” to assess the adequacy of FBI system changes and training, he said.
Therefore, he wrote, “the Court is willing to again conclude that the . . . [FBI’s] procedures meet statutory and Fourth Amendment requirements.”
The findings mark at least the third set of FBI rule breaches in the past several years, often involving large numbers of Americans’ communications. That raises the question, analysts say, whether a dozen years into the surveillance program, the issue is systemic.
“We can continue playing compliance whack-a-mole,” said Julian Sanchez, a senior fellow at the Cato Institute. “But at this point, it’s reasonable to ask whether this sort of large-scale collection on a ‘general warrant’ model is inherently prone to these problems in a way that resists robust and timely oversight.”
At issue is a law known as Section 702 of the FISA Amendments Act. FISA is short for the Foreign Intelligence Surveillance Act, which sets limits on spying on U.S. soil in national security cases.
In October 2018 the same judge said the FBI, against the advice of its general counsel, queried the Section 702 data using more than 70,000 email addresses or phone numbers.
In a December 2019 opinion, Boasberg found that the FBI again transgressed the privacy rules by searching for information on a job candidate, potential sources and a crime victim.
In the latest disclosures, Boasberg said an FBI specialist conducting “background investigations” made 124 queries of raw Section 702 data using the names of individuals who had asked to take part in an FBI “Citizens Academy,” a program to foster greater understanding of the bureau’s role in the community; who needed to enter the field office to perform a service such as repairs; and who were seeking to report tips or crimes.
“We’ve seen this movie before,” Sanchez said. “The court wags its finger at systemic noncompliance but ultimately decides to give the FBI yet another chance.’’
The FBI has been caught up in controversy involving Section 702 since its passage in 2008, and that scrutiny intensified after the 2013 revelations of government surveillance by former National Security Agency contractor Edward Snowden.
Under Section 702, the government obtains emails and other communications from tech companies for foreign intelligence purposes and to aid government investigations into foreign terrorism, espionage and nuclear proliferation. The FBI conducts both national security and criminal probes. But its access to the raw data has worried civil liberties advocates, some of whom, such as Sen. Ron Wyden (D-Ore.), have pressed for a requirement that the FBI obtain a warrant whenever it wants to search Section 702 data for an American. Congress in 2018 allowed FBI searches for purely criminal investigations, but only with a court order.
A senior FBI official said only 3.6 percent of the targets collected under Section 702 are currently made available to the FBI. The official spoke on the condition of anonymity under ground rules set by the Office of the Director of National Intelligence.
In another revelation, however, Boasberg found that in 2019-2020, the Justice Department’s national security division reported “numerous incidents” to the court involving queries on Americans for criminal evidence without the FBI first obtaining court permission.
In one example, the FBI made 40 queries in support of probes into health-care fraud, international organized crime, violent gangs and domestic terrorism. None was related to national security, he wrote.
The Justice Department found similar violations at seven field offices, he wrote. None of the information, however, was used in a criminal or civil case or for any investigative purpose, Boasberg said.
He also noted a weakness in the FBI’s querying system, which defaults to a setting that enables Section 702 data access. The system asks users whether their query is designed to turn up criminal evidence only. Unless a user manually changes the answer to “yes,” the system will permit data access. Even if the user replies “yes,” that setting expires after 30 minutes, reverting to the default.
The senior FBI official said the bureau is reviewing the setup. “We are continuing to keep an eye on [it],” the official said, “to see if we need to have system changes or not.”
Most of the system and training modifications were completed by December 2019, the FBI official said. Some took place last year. The FBI opened an Office of Internal Auditing in October. The same month, it fixed a problem with a separate search tool, which until that point enabled “bulk” queries without entering a justification.