Monday, February 13, 2012

Congress Left in Dark on DOJ Wiretaps

http://www.wired.com

A Senate staffer was tasked two years ago with compiling reports for a subcommittee about the number of times annually the Justice Department employed a covert internet and telephone surveillance method known as pen register and trap-and-trace capturing.

But the records, which the Justice Department is required to forward to Congress annually, were nowhere in sight.

That’s because the Justice Department was not following the law and had not provided Congress with the material at least for years 2004 to 2008. On the flip side, Congress was not exercising its watchdog role, thus enabling the Justice Department to skirt any oversight whatsoever on an increasingly used surveillance method that does not require court warrants, according to Justice Department documents obtained via the Freedom of Information Act.

The mishap is just one piece of an ever-growing disconnect between Americans’ privacy interests, and a Congress seemingly uncommitted to protecting those interests.

Pen registers obtain non-content information of outbound telephone and internet communications, such as phone numbers dialed, and the sender and recipient (and sometimes subject line) of an e-mail message. A trap-and-trace acquires the same information, but for inbound communications to a target.

The reports, recently posted on Justice Department website, chronicle a powerful surveillance tool undertaken tens of thousands of times annually by the Federal Bureau of Investigation, the Drug Enforcement Agency, the Marshals Service and the Bureau of Alcohol, Tobacco and Firearms.

The reports show that, from 2004 to 2008, the number of times this wiretapping method was employed nearly doubled, from 10,885 to 21,152. Judges sign off on these telco orders when the authorities say the information is relevant to an investigation. No probable cause that the target committed a crime — the warrant standard — is necessary.

The Justice Department, beginning in late 2010, has only published the reports from 2004 to 2009, the year it obtained 23,895 judicial orders to conduct such surveillance. It did not immediately comment on whether the 2010 and 2011 reports have been compiled and sent to Congress, or explain why the mishap occurred.

Internet security researcher Christopher Soghoian recently obtained e-mails via a two-year FOIA process confirm for the first time that Congress was left out of the loop for at least the years 2004 to 2008. Using FOIA, he and others have crowbarred from the Justice Department the reports from 1999 to 2009.

“This is an important surveillance tool,” Soghoian said in a telephone interview. “In addition to showing that DOJ is lazy and not obeying the law, the most notable thing here is that Congress was asleep at the wheel.”

The handful of government e-mails (.pdf) Soghoian obtained confirm for the first time that Congress was left out of the loop for at least the years 2004 to 2008. A law review article suggests the same for years 1999 through 2003.

Soghoian provided the nine pages of e-mail to Wired.

They show that, in September of 2009, a staffer for then-Sen. Russ Feingold sent an e-mail to the Justice Department’s Mark Agrast, the deputy assistant attorney general for legislative affairs. The staffer, Lara Flint, was seeking “the last few” reports for a subcommittee of the Senate Judiciary Committee.

“Any help you can provide would be much appreciated,” Flint wrote Agrast.

Three months later, Agrast sent them over to Flint only after Agrast had learned from Mythili Raman, who was the DOJ’s principal deputy assistant attorney general for the criminal division, that no reports were filed.

“Although there was an annual reporting requirement, apparently, no one had been actually fling the annual report,” Raman wrote Argast in a December 2009 e-mail.

Agrast did not immediately return a telephone message from Wired seeking comment.

To be sure, even had Congress obtained the data, it’s hard to imagine that it would have mattered.

Consider that the House and Senate punted in May on revising the controversial Patriot Act adopted in the wake of 9/11. Congress extended three expiring spy provisions for four years without any debate.

The three provisions extended included:
The “roving wiretap” provision allows the FBI to obtain wiretaps from a secret intelligence court, known as the FISA court (under the Foreign Intelligence Surveillance Act) without identifying the target or what method of communication is to be tapped.
The “lone wolf” measure allows FISA court warrants for the electronic monitoring of a person for any reason — even without showing that the suspect is an agent of a foreign power or a terrorist. The government has said it has never invoked that provision, but the Obama administration said it wanted to retain the authority to do so.
The “business records” provision allows FISA court warrants for any type of record, from banking to library to medical, without the government having to declare that the information sought is connected to a terrorism or espionage investigation.

The Electronic Communications Privacy Act is the law that requires the DOJ’s pen-register reporting. It turned 25 years old in October.

Another feature of that law had once protected Americans’ electronic communications from the government’s prying eyes, but it has become so woefully outdated that it now grants the authorities nearly carte blanche powers to obtain Americans’ e-mail stored in the cloud, such as in Gmail or Hotmail — without a court warrant.

Congress has shown no interest in amending the law to afford Americans their privacy, despite calls from some of the nation’s largest tech companies and civil rights groups to do so.

In October, Vermont Sen. Patrick Leahy, the Democratic chairman of the powerful Senate Judiciary Committee who had originally sponsored ECPA during the Ronald Reagan administration, promised to hold hearings on ECPA reform before his committee by year’s end. He never called a hearing, despite saying “this law is significantly outdated and outpaced by rapid changes in technology.”

As Soghoian sees it, none of this is surprising.

“Privacy is a hot topic,” he said. “Congress is in the dark.’

No comments: