[Infowarrior] - FISA Court Repeatedly Questions FBI Wiretap Network

[Richard Forno]

Secret Spy Court Repeatedly Questions FBI Wiretap Network
By Ryan Singel EmailJune 11, 2008 | 3:13:54 PMCategories: Surveillance

http://blog.wired.com/27bstroke6/2008/06/secret-spy-cour.html

Does the FBI track cellphone users' physical movements without a  
warrant? Does the Bureau store recordings of innocent Americans caught  
up in wiretaps in a searchable database?  Does the FBI's wiretap  
equipment store information like voicemail passwords and bank account  
numbers without legal authorization to do so?

That's what the nation's Foreign Intelligence Surveillance Court  
wanted to know, in a series of secret inquiries in 2005 and 2006 into  
the bureau's counterterrorism electronic surveillance efforts,  
revealed for the first time in newly declassified documents.

The inquires are the first publicly known questioning of the FBI's  
post-9/11 surveillance activities by the secret court, which has  
historically approved nearly every wiretap application submitted to  
it.  The court handles surveillance requests in counterterrorism and  
foreign espionage investigations. The inquiries add to questions  
surrounding how the FBI has used the broad powers handed to it by  
Congress in the 2001 USA Patriot Act, including the FBI's admitted  
abuse of so-called National Security Letters to get stored telephone  
and financial records.

Among other things, the declassified documents reveal that lawyers in  
the FBI's Office of General Counsel and the Justice Department's  
Office of Intelligence Policy Review queried FBI technology officials  
in late July 2006 about cellphone tracking. The attorneys asked  
whether the FBI was obtaining and storing real-time cellphone-location  
data from carriers under a "pen register" court order that's normally  
limited to records of who a person called or was called by.

The internal inquiry seems to have preceded, and was likely prompted  
by, a secret court hearing on the matter days later. Kevin Bankston, a  
lawyer with Electronic Frontier Foundation, says the documents suggest  
that the nation's spy court shares the reluctance of federal criminal  
courts to turn everyday cellphones into tracking devices, in the  
absence of evidence that the target has done something wrong.

"I hope that this signals that the FISC, like many magistrate judges  
that handle law enforcement surveillance requests, is growing  
skeptical of the government's authority to conduct real-time cellphone  
tracking without probable cause," says Bankston.

In criminal cases, the government's attempts to get cellphone-tracking  
data without probable cause to believe the target has committed a  
crime were denied several times in 2005 by federal judges in New York  
and Texas.

According to the documents, which the EFF obtained in a Freedom of  
Information Act lawsuit, an FBI general counsel lawyer asked on July  
21, 2006: "Can we at the collection end tell the equipment NOT to  
receive the cell site location information?"

The lawyer added a note of concern that phone companies might be  
sending along cell-site data even when they aren't asked for it. "Do  
we get it all or can we, when required, tell the equipment to not  
collect the cell-site location data?," the lawyer asked.

Separately, the secret court questioned if the FBI was using pen  
register orders to collect digits dialed after a call is made,  
potentially including voicemail passwords and account numbers entered  
into bank-by-phone applications.

Using a pen register order, the FBI can force a phone company to turn  
over records of who a person calls, or is called by, simply by  
asserting the information would be relevant to an investigation. But  
existing case law holds that those so-called "post-cut-through dialed  
digits" count as the content of a communication, and thus to collect  
that information, the FBI would need to get a full-blown wiretapping  
warrant based on probable cause.
Dcs_3000_network580_2_2
The FBI's encrypted wiretapping backbone network, DCSNet, connects 37  
FBI field offices, according to some documents. Other documents  
suggest the network now extends to 52 field offices, including  
locations in Alaska and Puerto Rico. This enhanced image is based on  
black-and-white FBI documents.
Colored photo-illustration: Frank Rodriguez

On August 7 2006, Foreign Intelligence Surveillance Court judge  
Colleen Kollar-Kotelly took the extraordinary step of ordering the FBI  
to report (.pdf) on how its sophisticated phone wiretapping system,  
known as Digital Collection System, handled those extra digits and  
whether it stored them in a centralized data-mining depository known  
as Telephone Application.

The documents (.pdf) show that the majority of FBI offices surveyed  
internally were collecting that information without full-blown wiretap  
orders, especially in classified investigations. The documents also  
indicate that the information was being uploaded to the FBI's central  
repository for wiretap recordings and phone records, where analysts  
can data-mine the records for decades.

EFF's Bankston says it's clear that FBI offices had configured their  
digit-recording software, DCS 3000, to collect more than the law allows.

"The FBI's configuration of DCS 3000 to collect post-cut-through  
dialed digits when conducting pen-register surveillance is flatly  
illegal under statute and raises serious Fourth Amendment questions,  
based on the unanimous decisions of two district court judges and  
three federal magistrate judges holding that such interceptions  
require a wiretap order based on probable cause," Bankston said.

The documents also reveal that the inquiry on dialed-digits collection  
wasn't the first time the secret court had queried the FBI regarding  
its use and storage of information from wiretaps. In October 2005, the  
court also asked the FBI to explain how it stored "raw" foreign- 
intelligence wiretap content and information about Americans collected  
during those wiretaps.

The government is supposed to "minimize" -- that is anonymize or  
destroy -- information gathered on Americans who aren't the targets of  
a wiretap, unless that information is crucial to an investigation.

The court wanted the FBI to explain what databases stored raw wiretaps  
(.pdf), how those recordings could be accessed, and by whom, as well  
as how minimization standards were implemented.

The documents don't reveal the answer to that question. The FBI did  
not respond to a request for comment by press time.

For more on the FBI's sophisticated wiretapping technology and how it  
links in with the nation's phone and internet infrastructure, see  
Point, Click, Eavesdrop.