Privacy

FBI delayed privacy protection rules for Section 215 data, says IG

NSA protest in front of Capitol

The FBI dragged its heels in developing processes to minimize the dissemination of non-public information on Americans held in law enforcement databases and collected under the auspices of Section 215 of the Patriot Act, according to a recent report by the Justice Department Office of Inspector General.

The report is a historical look at the FBI's requests for data under Section 215 authority from 2007-2009, and it examines the processes put in place by the FBI to safeguard the privacy of individuals whose information was swept up in the collection of business records ordered by the FBI for its own investigation and for use by intelligence agencies.

Technological advances and growth in the use of the Internet have "expanded the quantity and quality of electronic information available to the FBI," per the 77-page report. "Materials produced in response to Section 215 orders now range from hard copy reproductions of business ledgers and receipts to gigabytes of metadata and other electronic information," the report notes.

The public had little understanding of how these authorities were used until the leaks of classified intelligence documents by Edward Snowden in 2013, which led to the declassification of some of the 215 programs, including the bulk collection and storage of telephone metadata from domestic carriers by the National Security Agency. Though the NSA maintains and queries that data, it is the FBI that ordered its collection and delivery. The OIG report cautioned that there is no fixed definition of metadata in use.

"Metadata generally is considered to exclude the content of communications. However, [Justice Department and FBI national security attorneys] told us that the terms used to define metadata themselves lack standardized definitions and that applying them to rapidly changing technology can be difficult," the report says. The OIG said it would continue to keep an eye on the FBI's use of metadata, as the Bureau uses 215 authority to sweep up ever larger collections.

The OIG found that by August 2013, the FBI had put in place minimization procedures that were ordered in the 2006 reauthorization of the Patriot Act. The heavily redacted unclassified version of the report does not specify what those procedures are, except to note that agents are required to review material before uploading to FBI databases to make sure that the documents and other material returned were "responsive to Section 215 orders" and "included procedures for handling overproduced material."

The report was critical of the amount of time the FBI took to develop the procedures. "Given the significance of minimization procedures in the Reauthorization Act, we do not believe it should have taken 7 years for the Department to develop minimization procedures or 5 years to address the OIG recommendation that the Department comply with the statutory requirement to develop specific minimization procedures designed for business records," the report found.

In June 2009, the Foreign Intelligence Surveillance Court, which authorizes the collection of information under Section 215, began to require the FBI to report on the implementation of interim minimization procedures put in place after the 2006 reauthorization. The IG report found that "the FBI retained nearly all of the material" produced in response to 215 orders. Additionally, the FBI disseminated material via the FBI's case management systems to its own personnel, and made it available to U.S. intelligence agencies and foreign governments. The minimization rules permit the FBI to keep material that is determined to be "foreign intelligence information" or "necessary to understand foreign intelligence information." Per the OIG report, these terms were not strictly defined in the interim guidance.

The FBI's authority under Section 215 is due to expire on June 1. The House  passed a bill that would curtail some of the government's authority to maintain databases derived from bulk collection of business records. If the Senate does not pass that measure, it seems unlikely that a compromise could be voted on and signed into law before the authorities expire.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.