At issue is a data-collection program whose roots lie in 9/11 and that focuses on foreign targets overseas. The data is gathered from U.S. Internet service providers and tech firms, however, and includes a significant but unknown number of Americans’ communications.
Court opinions disclosed Tuesday by U.S. intelligence officials also show that, despite concerns raised by the Foreign Intelligence Surveillance Court (FISC), the FBI resisted for nearly a year to change its procedures for tracking its queries for the data of Americans.
In August, the FBI acquiesced and agreed to distinguish between queries made using Americans’ phone numbers and email addresses and those that do not, among other changes it has made to address the court’s concerns.
In the most noteworthy violation disclosed Tuesday, the FBI in March 2017 conducted queries on databases using more than 70,000 email addresses or phone numbers of FBI employees or contractors. The bureau proceeded with the queries despite the advice of its general counsel, though it did not review the results, according to an October 2018 court opinion.
In another incident, reported in April 2018, the FBI made a series of queries using the emails or phone numbers of 57,000 individuals.
In both instances, the aim was to uncover foreign intelligence information, which is consistent with the law. But the nature of the searches — whether for counterintelligence purposes or otherwise — was not clear from the redacted rulings released Tuesday.
There were other incidents which involved queries for only one person’s information, which the court found less concerning than the “batch” queries. But the individual cases nonetheless ran afoul of the law because the FBI had not shown a reasonable belief that the queries were designed to retrieve foreign intelligence information, Judge James E. Boasberg found in the October 2018 opinion.
Boasberg also ruled that the bureau failed to distinguish when its queries involved U.S. people and non-U.S. people, and that it did not adequately document its justification for the queries.
Congress in January 2018 revised Section 702, creating a requirement that the FBI account for each query it made for a U.S. person’s data.
Boasberg criticized what he called the “broad and apparently suspicionless nature” of the batch queries, and the “lack of common understanding” within the FBI and Justice Department of what it means for a query to be “reasonably likely” to return foreign intelligence information or evidence of a crime.
He said the FBI believed that “aggregation” of individual queries could satisfy the standard even if an individual query might not. The bureau, he said, hypothesized a situation in which a federal contractor might have access to secrets that were compromised, and the bureau might then search for 100 of the firm’s employees to see if it turned up evidence of a crime.
“By no stretch of language could one say that an individual query for a randomly selected one of those 100 employees would be reasonably likely to return foreign intelligence information or evidence of a crime,” he said.
One congressional aide said that, in his view, the FBI’s violations were “not particularly alarming” and related more to “FBI culture” than a willful attempt to flout the law. He spoke on the condition of anonymity to discuss sensitive law enforcement practices.
Rather than addressing Boasberg’s concern that its failure to distinguish between American and foreign searches violated the law, the FBI chose to appeal. It said that being forced to keep track of searches in that way would hamper its ability to carry out its mission. In July, the Foreign Intelligence Surveillance Court of Review upheld Boasberg’s decision. And in September, Boasberg approved the FBI’s new procedures.
In a briefing Tuesday, a senior FBI official, who spoke on the condition of anonymity to discuss sensitive law enforcement practices, stressed that the bureau queried its Section 702 holdings not only to respond to specific threats, but also to “proactively” identify threats the FBI might not be aware of. “If we’re not aggressive enough, the American public is at risk,” the official said. “If we’re too aggressive, we’ll have numerous compliance incidents and erode confidence of the FISC, Congress and the American public.”
Sen. Ron Wyden (D-Ore.), a vocal critic of the FBI’s resistance to accounting for its U.S. person searches, said, “Today’s release demonstrates how baseless the FBI’s position was.”
The congressional aide said the changes in the FBI’s procedures will be “extensive but needed.” And, the aide added, “they’re likely to be costly, in the millions.”