DOJ’s Inspector General just released its unclassified summary of its classified report on FBI’s use of Pen Register/Trap and Trace authority.
It is rather thin, just 5 pages long. It explains what it is in the secret report.
We described the different types of pen registers that were used and the variety of information that was collected, as well as some of the technological and legal issues the Department and FBI faced with particular uses of pen register authority. We also describe the investigative circumstances under which the authority is generally used and trends in its use. The FBI and the Intelligence Community determined that much of this information is classified or “for official use only,” and therefore we cannot include it in this Executive Summary.
Our classified report also describes the FBI’s practices for storing and handling pen register information, most of which have remained substantially unchanged since our 2007 – 2009 review period, and it provides an overview of the compliance process and a summary of the compliance incidents involving the use of pen register authority that occurred from 2007 through 2009. Our classified report also includes several findings, only one of which we can describe in this unclassified Executive Summary.
The claim is rather interesting, given that documents EPIC obtained under FOIA make it clear FBI has used PRTT orders to get location data (not at all surprising given that it does so under criminal PRTTs as well), and that it has 7 exotic applications of Post Cut Through Dialed Digits. Those EPIC documents also reveal that John Bates redefined the meaning of Dialing, Routing, Addressing, and Signaling to include some content.
How is it EPIC could obtain those documents but DOJ’s IG can’t tell us what he found about these practices?
The one conclusion DOJ’s IG can share, sort of, is that FBI has problems weeding out data it shouldn’t have.
[W]e highlighted the challenges the Department faced, and still faces, in ensuring that the government collects or uses only that information that it is lawfully permitted to obtain.
We found that the Department’s National Security Division and FBI do not conduct systematic compliance reviews of pen registers, and instead rely on personnel assigned to cases involving pen registers to report any compliance violations.
The report repeatedly notes that “the government is not authorized under FISA to obtain the contents of wire or electronic communications with a pen register order.” Which, of course, we know it has, both under the NSA program, as well as under PCTDD (indeed, discussions with the FISC over both the content collection under the NSA collection and the PCTDD uses took place in 2009, within the scope of the report).
So I assume part of the problem — part of the reason why FBI treats its PRTT programs with greater secrecy than its Section 215 programs — is because it violates the law but doesn’t have the means in place to catch its own violations.
I mean, if FBI wants to declassify the proof that that isn’t true, by all means they should do so. But the available evidence suggests the FBI and government more generally is probably still violating the terms of PRTT under FISA.