Surveillance

The Same FBI That Wants To Destroy Encryption Is Still Illegally Snooping on Americans

Years after surveillance reforms, federal personnel can’t seem to comply with the Fourth Amendment.

|

As late as last year, agents at the FBI were still violating the privacy rights of American citizens through misuse of federal surveillance tools, a ruling from the Foreign Intelligence Surveillance Court (FISC) has revealed.

The ruling is from October 2018 but was only declassified and disclosed this week, albeit in a heavily redacted format. In the process of analyzing and reauthorizing the FBI's ability to engage in warrantless domestic surveillance under Section 702 of the Foreign Intelligence Surveillance Act, FISC Judge James Boasberg determined that on multiple occasions, FBI personnel were not properly restricting their searches and thereby violated the Fourth Amendment rights of American citizens.

The misuse of Section 702 surveillance authorities was widely exposed by whistleblower Edward Snowden, who alerted Americans and the world that our government was collecting and storing massive amounts of private data about millions of people without warrants or probable cause, violating everybody's privacy in the name of allegedly tracking down terrorism.

Eventually, Congress passed reforms requiring the FBI to be more specific about its use of search terms in order to look through and access phone and internet data collected domestically. They had to make sure they were confining their snooping for evidence of criminal activity or information about targets of foreign surveillance. They were no longer supposed to collect and hold massive amounts of U.S. citizen metadata and engage in fishing expeditions among millions and millions of call and internet records, looking for matches on vague terms. They were now expected to request data being held by telecoms under more specific language, all intended to make sure they were not accessing data that was unrelated to any crime or terrorism investigation.

But according to Boasberg's ruling, FBI employees on multiple occasions did not properly follow the rules and were able to query and access data that they aren't allowed to see. They were able to do this because the data querying process did not require FBI personnel to prove that the search terms they used were intended to seek information connected to a crime of foreign intelligence information. As a result, agents conducted numerous illegal searches. On a single day in December 2017, for instance, the FBI used Social Security numbers for nearly 7,000 searches of the National Security Agency (NSA) database. On another occasion, FBI personnel ran searches for improper personal reasons. One contractor searched for information about himself, other employees, and family members. In February 2018, FBI personnel improperly performed dozens of queries to get information about potential sources, not targets of an investigation.

Despite the passage of legal restrictions that are supposed to prevent the illegal use of Americans' data, it's still happening. And it appears that many FBI employees either do not understand or do not care that they can't just go around looking at our private data. In his ruling, Boasberg notes, "The government acknowledges that such queries general resulted from 'fundamental misunderstandings by some FBI personnel [about] what the standard "reasonably likely to return foreign intelligence information" means.'"

This all tracks with some observations from Snowden's new book, in which he recounts witnessing little oversight to make sure personnel were not abusing their surveillance authority.

In August, the FBI amended its querying procedures to make sure that personnel properly differentiate between queries involving U.S. citizens and other queries, and to make sure that the search terms are "reasonably likely to retrieve foreign intelligence information or evidence of a crime prior to reviewing the contents returned by such a query."

At the same time, the Department of Justice is trying to stop Facebook from implementing end-to-end encryption across its messaging services (including WhatsApp) unless it includes some form of "back door" so that the government can bypass and access the data.

Attorney General William Barr, joined by his counterparts in the United Kingdom and Australian governments, has sent a letter urging Facebook against implementing encryption that would lock out law enforcement, opining, as they have all this time, that encryption will make it harder for them to gather the evidence necessary to arrest and convict criminals.

And by "criminals," they lean heavily—almost exclusively—on child predators. The letter argues:

Our understanding is that much of this activity, which is critical to protecting children and fighting terrorism, will no longer be possible if Facebook implements its proposals as planned. [The U.S. National Center for Missing & Exploited Children] estimates that 70% of Facebook's reporting – 12 million reports globally – would be lost. This would significantly increase the risk of child sexual exploitation or other serious harms. You have said yourself that "we face an inherent tradeoff because we will never find all of the potential harm we do today when our security systems can see the messages themselves". While this tradeoff has not been quantified, we are very concerned that the right balance is not being struck, which would make your platform an unsafe space, including for children.

We should be wary when the government presents the worst-case crime scenario in an attempt to weaken our right to privacy. There is no such thing as a tool that would allow only the United States, the United Kingdom, or Australia to bypass encryption solely for the purpose of helping abused children; any such "back door" could also fall into the hands of Russian or North Korean hackers, the Chinese government, or a Middle Eastern authoritarian government, all of whom would likely use the tool to cause chaos and persecute dissidents.

And with this news from the FISC, we now know that our own government still can't be trusted to use its surveillance powers responsibly or legally. FBI employees still cannot keep from helping themselves to American citizens' private data. We should be equally concerned about random American, British, and Australian government officials accessing our private data secretly. They've made it abundantly clear that they want to.

Privacy and tech freedom organizations from around the world sent a letter in response to Facebook, encouraging them, in no uncertain terms, to stick with a plan for end-to-end encryption and begging them "to resist calls to create so-called 'backdoors' or 'exceptional access' to the content of users' messages, which will fundamentally weaken encryption and the privacy and security of all users." These are organizations not just in the United States (like the American Civil Liberties Union and Americans for Prosperity), but organizations also in places like the Philippines and Uganda, where human liberty is severely restricted.

The United States government has shown repeatedly that it cannot be trusted to protect citizen privacy and hand-wringing about child predators simply doesn't change the circumstances here. Facebook should push forward and tell Barr to go get his own house in order first.