Monday, March 17, 2008
Saturday, September 22, 2007
Saturday, March 24, 2007
The Gulag: Secret Informers, Closed Investigations and Our Criminal Government
It is the policy of The Washington Post not to publish anonymous pieces. In this case, an exception has been made because the author -- who would have preferred to be named -- is legally prohibited from disclosing his or her identity in connection with receipt of a national security letter. The Post confirmed the legitimacy of this submission by verifying it with the author's attorney and by reviewing publicly available court documents.
The Justice Department's inspector general revealed on March 9 that the FBI has been systematically abusing one of the most controversial provisions of the USA Patriot Act: the expanded power to issue "national security letters." It no doubt surprised most Americans to learn that between 2003 and 2005 the FBI issued more than 140,000 specific demands under this provision -- demands issued without a showing of probable cause or prior judicial approval -- to obtain potentially sensitive information about U.S. citizens and residents. It did not, however, come as any surprise to me.
Three years ago, I received a national security letter (NSL) in my capacity as the president of a small Internet access and consulting business. The letter ordered me to provide sensitive information about one of my clients. There was no indication that a judge had reviewed or approved the letter, and it turned out that none had. The letter came with a gag provision that prohibited me from telling anyone, including my client, that the FBI was seeking this information. Based on the context of the demand -- a context that the FBI still won't let me discuss publicly -- I suspected that the FBI was abusing its power and that the letter sought information to which the FBI was not entitled.
Rather than turn over the information, I contacted lawyers at the American Civil Liberties Union, and in April 2004 I filed a lawsuit challenging the constitutionality of the NSL power. I never released the information the FBI sought, and last November the FBI decided that it no longer needs the information anyway. But the FBI still hasn't abandoned the gag order that prevents me from disclosing my experience and concerns with the law or the national security letter that was served on my company. In fact, the government will return to court in the next few weeks to defend the gag orders that are imposed on recipients of these letters.
Living under the gag order has been stressful and surreal. Under the threat of criminal prosecution, I must hide all aspects of my involvement in the case -- including the mere fact that I received an NSL -- from my colleagues, my family and my friends. When I meet with my attorneys I cannot tell my girlfriend where I am going or where I have been. I hide any papers related to the case in a place where she will not look. When clients and friends ask me whether I am the one challenging the constitutionality of the NSL statute, I have no choice but to look them in the eye and lie.
I resent being conscripted as a secret informer for the government and being made to mislead those who are close to me, especially because I have doubts about the legitimacy of the underlying investigation.
The inspector general's report makes clear that NSL gag orders have had even more pernicious effects. Without the gag orders issued on recipients of the letters, it is doubtful that the FBI would have been able to abuse the NSL power the way that it did. Some recipients would have spoken out about perceived abuses, and the FBI's actions would have been subject to some degree of public scrutiny. To be sure, not all recipients would have spoken out; the inspector general's report suggests that large telecom companies have been all too willing to share sensitive data with the agency -- in at least one case, a telecom company gave the FBI even more information than it asked for. But some recipients would have called attention to abuses, and some abuse would have been deterred.
I found it particularly difficult to be silent about my concerns while Congress was debating the reauthorization of the Patriot Act in 2005 and early 2006. If I hadn't been under a gag order, I would have contacted members of Congress to discuss my experiences and to advocate changes in the law. The inspector general's report confirms that Congress lacked a complete picture of the problem during a critical time: Even though the NSL statute requires the director of the FBI to fully inform members of the House and Senate about all requests issued under the statute, the FBI significantly underrepresented the number of NSL requests in 2003, 2004 and 2005, according to the report.
I recognize that there may sometimes be a need for secrecy in certain national security investigations. But I've now been under a broad gag order for three years, and other NSL recipients have been silenced for even longer. At some point -- a point we passed long ago -- the secrecy itself becomes a threat to our democracy. In the wake of the recent revelations, I believe more strongly than ever that the secrecy surrounding the government's use of the national security letters power is unwarranted and dangerous. I hope that Congress will at last recognize the same thing.
Original article posted here.
Thursday, March 22, 2007
Just another example of why laws don't matter
The Justice Department's inspector general told a committee of angry House members yesterday that the FBI may have violated the law or government policies as many as 3,000 times since 2003 as agents secretly collected the telephone, bank and credit card records of U.S. citizens and foreign nationals residing here.
Inspector General Glenn A. Fine said that according to the FBI's own estimate, as many as 600 of these violations could be "cases of serious misconduct" involving the improper use of "national security letters" to compel telephone companies, banks and credit institutions to produce records.
National security letters are comparable to subpoenas but are issued directly by the bureau without court review. They largely target records of transactions rather than personal documents or conversations. An FBI tally showed that the bureau made an average of 916 such requests each week from 2003 to 2005, but Fine told the House Judiciary Committee that FBI recordkeeping has been chaotic and "significantly understates" the actual use of that tool.
Fine, amplifying the criticisms he made in a March 9 report, attributed the FBI's "troubling" abuse of the letters to "mistakes, carelessness, confusion, sloppiness, lack of training, lack of adequate guidance and lack of adequate oversight."
His account evoked heated criticism of the bureau from Republicans and Democrats alike, including a comment from Rep. Dan Lungren (R-Calif.) that it "sounds like a report about a first- or second-grade class."
Testifying with Fine, FBI General Counsel Valerie E. Caproni attributed the shortcomings to poor controls instead of deliberate misconduct and offered profuse apologies. Asked by Rep. Melvin Watt (D-N.C.) whether the public should "be concerned about that kind of disregard of the law and internal process," Caproni replied: "I think the public should be concerned. We're concerned. And we're going to fix it."
She attributed the "F report card" from Fine partly to the bureau's inexperience in conducting its national security work in secrecy, away from a judicial system that threatens to expose any flaws. "That imposes upon us a far higher obligation to make sure we have a vigorous compliance system," she said. She noted, for example, that the FBI never told its agents to retain signed copies of the national security letters used.
"This was an example of the incredibly sloppy practice that was unacceptable," Fine interjected. His report also noted that some lawyers at FBI field offices -- who work for the special agents in charge, rather than for legal officials at FBI headquarters -- felt pressured to go along with requests for letters that they knew were not adequately documented.
Fine's estimate of the incidence of serious abuses was extrapolated from his investigators' scrutiny of 293 national security letters, out of 44,000 letters -- containing 143,074 data requests -- that the FBI has reported issuing during the three-year period he reviewed. Of those letters studied, he found "about seven where there were illegal uses" to obtain information the FBI was not entitled to have. Caproni questioned the validity of the extrapolation but acknowledged that 1 percent of the letters examined by Fine were tainted by "unquestionably serious violations."
Fine said, however, that he found no evidence that FBI agents "intended to go out and obtain information that they knew they could not obtain and said, 'We're going to do it anyway.' I think what they did was complete carelessness" prompted partly by a desire to take "shortcuts."
Fine's extrapolated tally of 3,000 likely illegal or improper letters did not include three other categories of wrongdoing disclosed in his report: One was a headquarters unit's use of 739 "exigent circumstances" letters to obtain telephone records from AT&T, Verizon and MCI on an emergency basis using false statements or improper documentation. The second was an improper use of 300 national security letters to obtain information for a single classified project. And the third was the FBI's use of improper letters to obtain the financial records of 244 people from banks.
Although the FBI's policy is to hold such records for at least 20 years, even if the target of the data collection proves not to have any terrorist connections, Caproni said that if no legal authority can be found during an audit now underway, the records will be destroyed.
Rep. F. James Sensenbrenner Jr. (R-Wis.) expressed surprise at how widespread the use of national security letters had become, asking: "Do we have that many potential terrorists running around the country? If so, I'm really worried." He said the inspector general's report shows that "the FBI has had a gross overreach," and added that its officials "can't get away with this and expect to maintain public support for the tools that they need to combat terrorism."
Original article posted here.
Wednesday, January 31, 2007
Your government loves you
The FBI appears to have adopted an invasive Internet surveillance technique that collects far more data on innocent Americans than previously has been disclosed.
Instead of recording only what a particular suspect is doing, agents conducting investigations appear to be assembling the activities of thousands of Internet users at a time into massive databases, according to current and former officials. That database can subsequently be queried for names, e-mail addresses or keywords.
Such a technique is broader and potentially more intrusive than the FBI's Carnivore surveillance system, later renamed DCS1000. It raises concerns similar to those stirred by widespread Internet monitoring that the National Security Agency is said to have done, according to documents that have surfaced in one federal lawsuit, and may stretch the bounds of what's legally permissible.
Call it the vacuum-cleaner approach. It's employed when police have obtained a court order and an Internet service provider can't "isolate the particular person or IP address" because of technical constraints, says Paul Ohm, a former trial attorney at the Justice Department's Computer Crime and Intellectual Property Section. (An Internet Protocol address is a series of digits that can identify an individual computer.)
That kind of full-pipe surveillance can record all Internet traffic, including Web browsing--or, optionally, only certain subsets such as all e-mail messages flowing through the network. Interception typically takes place inside an Internet provider's network at the junction point of a router or network switch.
The technique came to light at the Search & Seizure in the Digital Age symposium held at Stanford University's law school on Friday. Ohm, who is now a law professor at the University of Colorado at Boulder, and Richard Downing, a CCIPS assistant deputy chief, discussed it during the symposium.
In a telephone conversation afterward, Ohm said that full-pipe recording has become federal agents' default method for Internet surveillance. "You collect wherever you can on the (network) segment," he said. "If it happens to be the segment that has a lot of IP addresses, you don't throw away the other IP addresses. You do that after the fact."
"You intercept first and you use whatever filtering, data mining to get at the information about the person you're trying to monitor," he added.
On Monday, a Justice Department representative would not immediately answer questions about this kind of surveillance technique.
"What they're doing is even worse than Carnivore," said Kevin Bankston, a staff attorney at the Electronic Frontier Foundation who attended the Stanford event. "What they're doing is intercepting everyone and then choosing their targets."
When the FBI announced two years ago it had abandoned Carnivore, news reports said that the bureau would increasingly rely on Internet providers to conduct the surveillance and reimburse them for costs. While Carnivore was the subject of congressional scrutiny and outside audits, the FBI's current Internet eavesdropping techniques have received little attention.
Carnivore apparently did not perform full-pipe recording. A technical report (PDF: "Independent Technical Review of the Carnivore System") from December 2000 prepared for the Justice Department said that Carnivore "accumulates no data other than that which passes its filters" and that it saves packets "for later analysis only after they are positively linked by the filter settings to a target."