FBI personnel improperly searched an expansive foreign surveillance database for tens of thousands of phone numbers and email addresses that included those of Americans, in violation of rules put in place to protect Americans’ constitutional rights, according to a court ruling.
“The FBI procedures, as implemented, have involved a large number of unjustified queries conducted to retrieve information about U.S. persons,” said James Boasberg, a judge on the secret Foreign Intelligence Surveillance Court (FISC), in an Oct. 18, 2018, ruling (pdf) that was released with redactions on Oct. 8.
The database aggregates data collected under Section 702 of the Foreign Intelligence Surveillance Act (FISA), which allows warrantless surveillance “of persons reasonably believed to be located outside the United States to acquire foreign intelligence information.”
The data collection is notoriously broad, with communications of many Americans getting caught in the mix, such as by them emailing or receiving emails from one of the targeted addresses.
The FBI is allowed to query the database, as long as the results are “reasonably likely to return foreign-intelligence information or evidence of crime.”
But, since April 2017, when the Section 702 surveillance was last certified by the FISC, “a large number of FBI queries” didn’t comport to the rules.
The government argued that such queries generally resulted from “fundamental misunderstandings by some FBI personnel [about] what the standard ‘reasonably likely to return foreign intelligence information’ means.”
Among issues the judge pointed out, he said the FBI had a practice of bundling many targets into one query with a justification that only applied on the whole, but not necessarily to each individual target. For instance, when the bureau would look for a leaker, it would determine who had access to the leaked information and query all such individuals because it was reasonably likely that such a query would return evidence of a crime—the illegal leak.
“It is by no means obvious how such justification-by-aggregation would be consistent with” the FBI procedures, Boasberg said.
In a phone call, Marc Ruskin, a former FBI agent and an Epoch Times contributor, warned against reading too much into Boasberg’s ruling since, partly due to the redactions, it doesn’t provide enough information to independently evaluate whether the FBI queries in question were indeed improper.
The FISC was still holding back on the 2018 certification on July 12 (pdf), saying FBI documentation procedures lack a means to differentiate “whether a particular query term relates to a United States person or a non-United States person.”
The court also left open the question of whether the FBI procedures violated Americans’ Fourth Amendment right to be secure from “unreasonable searches and seizures.”
The government has since updated the FBI procedures, which the FISC found “sufficient,” according to the Office of the Director of National Intelligence (ODNI).
The FBI had no comment when asked by The Epoch Times if anyone was disciplined in relation to the unjustified searches or if the targets of the searches were informed about what had happened.
The ODNI didn’t respond to a request by The Epoch Times for comment.
There were multiple instances of improper searches of the surveillance database, the FISC learned.
“It appears that many subjects of those queries were U.S. persons,” the judge said, acknowledging it was “difficult on the record before the Court to assess to what extent U.S. person information was returned and examined as a result of those queries.”
“At a minimum, however, the reported querying practices present a serious risk of unwarranted intrusion into the private communications of a large number of U.S. persons.”
In 2017, between March 24 and 27, “the FBI’s [redacted] conducted queries using identifiers for over 70,000 communication facilities ‘associated with’ persons with access to FBI facilities and systems,” the ruling said.
“Communication facilities” are means of communication, such as email addresses or phone numbers.
“[Redacted] proceeded with those queries notwithstanding advice from the FBI Office of General Counsel (OGC) that they should not be conducted without approval by OGC and the National Security Division (NSD) of the Department of Justice [DOJ],” the ruling says, also noting, though, that “the FBI did not examine the results of those queries.”
The ruling further says that on Dec. 1, 2017, “the FBI’s [redacted] conducted over 6,800 queries using identifier of persons [redacted].”
Between Dec. 7 and 11, 2017, “[redacted] also conducted over 1,600 queries using identifiers of persons [redacted]. The [redacted] who conducted those queries advised he did not intend to run them against raw FISA information, but nonetheless reviewed raw FISA information returned by them.”
On Feb. 5 and Feb. 23, 2018, “the FBl’s [redacted] conducted approximately 30 queries regarding potential [redacted] sources, e.g., persons who [redacted] where the subject of a [redacted] investigation was [redacted].”
On Feb. 21, 2018, “the FBI’s [redacted] conducted approximately 45 queries to retrieve information on persons [redacted] under consideration as potential sources of information.”
The government also told the FISC that an unspecified FBI unit “conducted what may be considered queries against raw FISA-acquired [metadata] … using what appear to be identifiers of approximately 57,000 individuals who work [redacted].”
The date of the queries wasn’t provided, “though it is reported that the FBI informed NSD of them on April 13, 2018,” the ruling said.
The government also disclosed to the FISC several queries that involved requests that were “to return information for just one person,” though the names have been redacted.
“At some time before March 2015, the FBI’s [redacted] conducted a query [redacted].
“At some time before May 2016, the FBI’s [redacted] conducted a query on [redacted] before serving a classified order on [redacted].
“On October 11, 2017, the FBI’s [redacted] queried [redacted] to identify cleared personnel on whom to serve process.
“On November 11, 2017, the FBI’s [redacted] conducted a query on a potential recipient of a FISA order.”
Further “non-compliant queries” included:
“A small number of cases in which FBI personnel apparently conducted queries for improper personal reasons—for example, a contract linguist who ran queries on himself, other FBI employees, and relatives.
“A number of instances in which FBI personnel inadvertently ran queries against Section 702 information.
“A set of queries (overlapping to some extent with the set of inadvertent queries of Section 702 data) apparently intended to return FBI documents or material.”
In the court’s view, the last three instances “do not present the same level of concern as those that evidence misunderstanding of the querying standard.”
“It would be difficult to completely prevent personnel from querying data for personal reasons,” the judge said.
Prior FISA Abuse
The FISC has criticized FISA database abuse before. In an April 26, 2017, ruling, the court said that the FBI had employed outside contractors who had access to raw Section 702 data, and retained that access after their work for the FBI was completed. DOJ oversight personnel learned about it on March 9, 2016. According to the ruling, that wasn’t an isolated incident—the improper access granted to outside contractors “seems to have been the result of deliberate decisionmaking.”
Following the discovery of the contractors’ improper access, then-National Security Agency (NSA) head Adm. Mike Rogers directed the NSA’s Office of Compliance to conduct a “fundamental baseline review of compliance associated with 702” at some point in early April 2016.
On April 18, 2016, Rogers shut down all FBI outside-contractor access to the database.
Yet the DOJ failed to disclose the NSA review to the FISC when the DOJ’s then-National Security Division (NSD) head, John Carlin, filed the government’s proposed 2016 Section 702 certifications on Sept. 26, 2016. Carlin knew about the review since the NSD was part of it. He resigned the day after filing the certifications. Before his resignation became effective, Carlin again failed to disclose FISA abuse during an Oct. 4, 2016, follow-up court hearing. The FISC later called the omission an institutional “lack of candor.”
On Oct. 24, Rogers briefed the FISC himself, several days, he said, after he was briefed on the results of the NSA review findings.
Also in October 2016, then-DNI James Clapper and then-Defense Secretary Ash Carter submitted a recommendation that Rogers be removed from his position as NSA chief. The move failed.
Update: The article has been updated with comments of former FBI agent and Epoch Times contributor Marc Ruskin as well as further information about FISA, the FISC rulings, prior FISA abuse, and The Epoch Times’ requests for comment to the FBI and the ODNI.