Does FBI EVER Age Off Its Section 702 Data?

The Privacy and Civil Liberties Oversight Board has released the transcript of the first panel from its hearing on Wednesday.

And while I was concerned by the following exchange — between Principal Deputy Assistant Attorney General Brad Wiegmann and PCLOB Chair David Medine — in real time, I find it even more troubling on second pass.

MR. MEDINE: And could you address why the minimization procedures make it a reasonable form of collection under the Fourth Amendment?


MR. WIEGMANN: You have retention rules. I believe in some cases, for NSA for example, you have a five year retention limit on how long the information can be retained. And so these are procedures that the courts have found protect U.S. privacy and make the collection reasonable for Fourth Amendment purposes.

MR. MEDINE: And under the minimization procedures I understand that the agency, the NSA, FBI, the CIA have their own minimization procedures and they’re not the same with each other?

MR. WIEGMANN: That’s right.

MR. MEDINE: Can you address why that shouldn’t be a concern that this information is not being subjected to the same minimization standards?

MR. WIEGMANN: So each of them have their own minimization procedures based on their unique mission, and the court reviews each of those for CIA, FBI, NSA, and it’s found them all reasonable for each different agency. They’re slightly different based on the operational needs, but they’re similar.

MR. MEDINE: Would it make more sense then if the same set of minimization procedures apply across the board for this kind of information?

MR. WIEGMANN: I don’t think. Again, just to contrast, for example, FBI and NSA that are using information in different ways. The FBI has a little more latitude with respect to U.S. person information in terms of criminal activity and evidence of a crime than NSA, which doesn’t have that law enforcement mission. So I think it is important to have some differences between the agencies in terms of how they handle the information.

We know what the NSA minimization procedures look like. Not only do they permit dissemination use of US person data in more than the examples described by Wiegmann, they’re frightfully permissive on other points (such as the retention of data for technical database purposes, or the limits on Attorney-Client privilege). Moreover, they permit the retention of data because of a threat to property, a clear expansion on the legal requirements.

But from Wiegmann’s description, it sounds like FBI’s minimization procedures (which are used as a basis for National Counterterrorism Center’s minimization procedures) are worse. Worse because they permit FBI even more leeway to use FISA authorized data in criminal investigations.

And worse because it’s not clear whether there’s even any retention time limits. Indeed, if you watch the clip above, it might be more accurate to punctuate that data retention sentence this way:

You have retention rules, I believe, in some cases. For NSA, for example, you have a five year retention limit.

In any case, the comment seems to suggest that in other cases — like, perhaps, the FBI and derivatively NCTC — you don’t have temporal limits. That would be consistent with FBI’s retention of many kinds of investigative data forever. But it would mean a great deal of data involving innocent Americans collected without a warrant remains in the FBI’s hands forever.

And all that’s before you consider that FBI has always, since the passage of FISA Amendments Act (or at least the first certifications later that year), been permitted to conduct backdoor searches on incidentally collected data. So they may not only be keeping this data forever, but performing warrantless back door searches on it.

3 replies
  1. orionATL says:

    and then there are these databases – making money off of privacy invasion:

    but of course we know, because our supreme court has told us so, that where one travels is not private information (unless one is affiliated with certain government agencies).

    thus we have a 1984 scenario in which some public employee movements and activities can be labeled “privacy protected”, but private persons’ movements and activities that occur “in public” are not “privacy protected”, simply because they’re occuring “in public”.

    is this a country with great constitutional traditions or what?

Comments are closed.