FBI failed to disclose violations of surveillance statute, watchdog report shows
Yesterday, the Office of the Inspector General for the Department of Justice (OIG) released its 2012 report on Activities Under Section 702 of the FISA Amendments Act of 2008 for the first time. When the report was originally issued, it was classified and not disclosed to the public. The report, in redacted form, was released in response to a FOIA lawsuit filed by The New York Times, and reveals that the FBI failed to report that it illegally collected information on individuals inside the United States.
Section 702 only allows the government to collect the communications of foreign persons "reasonably believed" to be located outside the United States. Under 702, the government is explicitly barred from collecting communications on "United States persons" — citizens, aliens or even domestic organizations — or those inside the United States. The section requires the Attorney General and Director of National Intelligence to adopt "targeting procedures" designed to ensure that collection of communications only takes place outside of the United States.
But the OIG report illustrates that FBI amassed information on persons inside the United States under 702, and failed to report this violation of the statute as required. These particular violations by the FBI were not discussed in detail in the Privacy and Civil Liberties Oversight Board's July 2014 Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act.
The FBI began its collection activities under 702 in September 2008. One of the FBI’s roles under 702 is to approve the NSA’s “selectors,” or identifiers for online communications, for targeting. A core aspect of the FBI’s function is to approve the NSA’s “foreignness determination” regarding whether the persons targeted under 702 were either in the United States or U.S. persons. If the NSA learned that the communications of a person in the United States were being collected in error, NSA was supposed to inform the FBI.
In reviewing the FBI’s activities, the OIG found “several acquisitions” where the target was located in the United States at the time the surveillance occurred. But until October 2009 –over a year after surveillance began — the NSA did not notify FBI that certain communications were collected in error. As a result, although the FBI is required by statute to undertake an annual review that includes “the number of targets that were later determined to be located in the United States and, to the extent possible, whether communications of such targets were reviewed,” its annual report for the 2009 reporting period erroneously stated that it “did not discover” that it had acquired information from a target located in the United States.
The OIG report pointed out that the FBI should have been able to ascertain whether it was complying with the statute. The FBI's “expertise” in determining whether communications were within or outside the United States could help the agency determine whether a surveillance target was, in fact, in the United States at the time the surveillance occurred. Yet the FBI claimed to be "unaware" of these violations.
It is essential that collection of foreign intelligence information under Section 702 be conducted in a way that protects US persons and US soil, because collection activities can impact the exercise of free expression. Section 702 provides the legal rationale for the much-discussed PRISM program authorizing bulk collection of communications content from service providers such as Google and Yahoo. Last week, PEN America issued a report showing that mass surveillance like that conducted under PRISM induces self-censorship among writers worldwide and "has gravely damaged the United States' reputation as a haven for free expression at home, and a champion of free expression abroad." As Charlie Savage of The New York Times noted, many aspects of PRISM have been declassified. Nonetheless, there is very little unredacted discussion of the program in the newly released report.
The violations discussed in the report illustrate a clear breach of the targeting procedures, required by Section 702, that ensure that acquisition is limited to non-U.S. persons outside the United States. Of course, those targeting procedures are lax, and questions have long been raised about the procedures' adequacy; the PCLOB wrote that the scope of incidental collection of U.S. persons' information under 702 "push[es] the entire program close to the line of constitutional reasonableness." Documents provided to The Guardian by whistleblower Edward Snowden showed that the NSA presumes that people “reasonably believed to be located outside the United States” are not considered U.S. persons unless they can be “positively identified as a United States person.” It remains unclear how the FBI and NSA determine that a person is “reasonably believed to be located outside the United States.” But the OIG report illustrates that the process for determining that a person is outside the United States is far from error-free and confirms the problem of overcollection of information under existing foreign intelligence statutes.