Having Secured A Clean 702 Reauthorization, The FBI Gets Back On Its Backdoor Search Bullshit
There was more contention than usual prior to the most recent reauthorization of Section 702 surveillance powers. The blame for the multiple fights leading up to a clean renewal lies entirely at the feet of the FBI, which has constantly abused its access to NSA collections to perform warrantless searches targeting US persons’ communications.
Normally, this sort of thing would require a warrant. I mean, that’s how it works everywhere else. But by dipping into the communications harvested by this “foreign-facing” surveillance program, the FBI has been able to avoid seeking warrants even as it accesses communication originating in the United States.
Somehow, that’s just not enough for the FBI. Having a backdoor that bypasses the Fourth Amendment would seem to be a pretty sweet deal, but the FBI has spent years ignoring its internal policies and directives from the FISA Court to engage in the sort of surveillance most people would think only governments without established Constitutional protections would dare to engage in, especially with as much frequency as the FBI did.
Then the FBI finally targeted the wrong people: Trump-supporting legislators who thought the agency went too far when it targeted communications from their in-group. This led to a lot of Republican opposition to a clean reauthorization. It also gave other legislators (like Senator Ron Wyden and others who are far less partisan in their activities) hope this might be the year the FBI was finally hit with a warrant requirement.
But, by the time the Capitol Hill dust had settled, the NSA and FBI got (another) free pass on everything. The reforms were stripped from the final bill and the president signed it shortly thereafter.
The same day President Biden signed the bill, at least one FBI official was instructing analysts to continue taking full advantage of the backdoor action that had managed, once again, to avoid being hit with any restrictions or warrant requirements. Here’s Dell Cameron and William Turton with the details for Wired:
Obtained by WIRED, an April 20 email authored by FBI deputy director Paul Abbate to employees states: “To continue to demonstrate why tools like this are essential to our mission, we need to use them, while also holding ourselves accountable for doing so properly and in compliance with legal requirements.” [Emphasis his.]
Added Abbate: “I urge everyone to continue to look for ways to appropriately use US person queries to advance the mission, with the added confidence that this new pre-approval requirement will help ensure that those queries are fully compliant with the law.”
Rather than acknowledge the near-miss, the deputy director went the other way, insisting the best way to demonstrate the real-world value of warrantless access is to engage in even more warrantless access. Abbate’s email is couched in language that suggests analysts should do all they can to ensure they don’t violate internal policies or FISA-ordered restrictions. But it still encourages FBI agents to “look for” reasons to obtain US persons’ communications, which suggests at least some caution should be thrown to the wind if necessary.
Not a great look, even if Abbate takes time to stress accountability. But it’s only internal accountability and there’s no reason to believe this accountability is any better than the accountability (or, rather, the lack thereof) it has demonstrated when doing business with the FISA court.
But there’s another reason the FBI shouldn’t be encouraging more use of a program that has been abused incessantly since its inception: more use means more opportunities for abuse. That’s just the way things are. There’s no getting around it. While it may result in a smaller overall percentage of abusive searches, it will result in more total abusive searches. You would hope an agency that nearly got hit with a warrant requirement would show a bit more caution as it moved forward, rather than send out a “do as many searches as you can” email to FBI analysts with access to 702 collections.
Then there’s the problem of the abuse, which hasn’t gone away. It’s difficult to determine how many times the FBI seeks access to US persons’ communications. It recently changed how it reported these searches, which resulted in precipitous drop in the number of total searches.
The bureau first began reporting the figure publicly in 2021, releasing the total number of times that these searches took place. That number was 2.9 million. Since then, the FBI has “updated its counting methodology” to count only unique searches. (To wit, running the same phone number through the database multiple times a year now counts as a single search.) As a result, at least in part, the number dropped to 119,383 the following year. In 2023, under more stringent guidelines, it dropped further, to 57,094.
So, there’s no telling how many searches are actually being performed. The FBI has only been reporting these numbers for three years and it has already changed its “counting methodology” once. That could mean internal and external restrictions have actually resulted in less access to US person’s communication. Or it could mean analysts are accessing these communications just as often as they did in 2001, but have found a way to report these numbers to make it look as though the agency has reined in this access a bit. Then again, it might mean the FBI is doing more but reporting less by bundling searches to lower the total number of searches while giving it access to a greater number of communications. And there’s no way we’ll ever know what the FBI is actually doing without an outside audit of its Section 702 activities, something the agency is likely to oppose, obstruct, and otherwise delay from being made public.
As for the “full compliance” Abbate suggests analysts should strive for, it would appear to be little more than deciding whether or not to click a check box or “I Understand” button before engaging in a backdoor search of US persons’ communications.
While touting its 98% “compliance” rate en route to securing a clean reauthorization of its warrantless access, FBI officials and the Justice Department said this:
In a statement earlier this year, the FBI claimed that many of these errors are the result of its employees failing to label whether a search, in fact, targeted a “US person.”
Not exactly reassuring. Unless these searches are audited thoroughly and regularly, the actual error rate will be impossible to determine. And not every error will actually be an error. Some will be unapproved searches being treated as “compliant” just because the correct button was clicked by the analyst performing the search.
While it is quite possible the FBI is handling its powers more responsibly these days, the fact is that it’s a pretty low bar to reach. The FBI abused its access for years. Only very recently did it appear to show any interest in limiting abuse. And that mostly seemed motivated by its desire to dodge a warrant requirement, rather than contrition for past misconduct. And now that the “new” Section 702 has expanded the list of potential communication sources, we can safely expect the problem the FBI has done little to control will actually get worse in the years to come.