In their stories catching up to my past reporting on the Semiannual Compliance Report‘s discussion of backdoor searches, the Guardian and NYT focus on NSA and (in the case of the NYT) CIA. Neither mentions that the FBI also does such back door searches, and has had the authority to do so longer than the foreign intelligence agencies.
That may be because Ron Wyden always focuses on the NSA, and as a result James Clapper mentioned the NSA in his letter to Wyden.
The public record makes clear that FBI has this authority. A footnote to one of the paragraphs describing oversight over NSA and CIA’s back door searches explains that “FBI’s minimization procedures had already provided that agency the ability,” followed by redacted descriptions.
When Bates approved back door searches in his October 3, 2011 opinion, he pointed to FBI’s earlier (and broader) authorities to justify approving it for NSA and CIA. While the mention of FBI is redacted here, at that point it was the only other agency whose minimization procedures had to be approved by FISC, and FBI is the agency that applies for traditional FISA warrants.
[redacted] contain an analogous provision allowing queries of unminimized FISA-acquired information using identifiers — including United States-person identifiers — when such queries are designed to yield foreign intelligence information. See [redacted]. In granting [redacted] applications for electronic surveillance or physical search since 2008, including applications targeting United States persons and persons in the United States, the Court has found that the [redacted] meet the definitions of minimization procedures at 50 U.S.C. §§ 1801(h) and 1821(4). It follows that the substantially-similar querying provision found at Section 3(b)(5) of the amended NSA minimization procedures should not be problematic in a collection that is focused on non-United States persons located outside the United States and that, in aggregate, is less likely to result in the acquisition of nonpublic information regarding non-consenting United States persons.
So since 2008, FBI has had the ability to do back door searches on all the FISA-authorized data they get, including taps targeting US persons.
When I saw ODNI’s tweets (above) admitting to back door searches, I realized that ODNI treated classification of FBI’s back door searches differently than it did CIA and NSA’s. In addition to the redactions in the footnote above, it also redacted its description of the review of FBI’s back door searches.
Indeed, Clapper’s letter only admits to back door searches of data collected on foreign targets, not American ones.
As reflected in the August 2013 Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702, which we declassified and released on August 21, 2013, there have been queries, using U.S. person identifiers, of communications lawfully acquired to obtain foreign intelligence by targeting non U.S. persons reasonably believed to be located outside the U.S. pursuant to Section 702 of FISA.
Yet Bates makes it clear (even though the reference to FBI is redacted) that FBI can even back door search data collected in the United States on US persons.
Given how little we know about back door searches, it’s hard to know which is worse. As Bates notes, there will likely be more Americans’ records accessible via a back door search off an American target. But at least in that case, FISC has found there is probable cause to believe the target is a foreign agent or terrorist. Under Section 702, the Agencies can collect data on people without that same level of proof, and do so in much greater volume. Certainly, Ron Wyden and Mark Udall seem primarily concerned about the Section 702 targeting (which includes the FBI, as the Compliance report makes clear).
Still, Clapper’s greater secrecy about FBI’s back door searches makes me worried they are in some way even worse.