The Willful FBI 702 Violation No One Admitted

In today’s 702 hearing, both Senators and (most) witnesses repeated over and over that while there had been compliance problems, there had been no willful violations.

I think that as of Rosemary Collyer’s recent opinion, that can no longer be said to be true. Among the violations she laid out, she described an “improper disclosure of raw information” to a contractor in a way that violated minimization procedures (starting on page 83).

Apparently, the FBI (possibly in a fusion center or JTTF situation) had provided access to raw data to an entity “largely staffed by private contractors” to obtain analytical assistance. The contractors’ access to raw data “went well beyond what was necessary to respond to the FBI’s requests.” Collyer considered their access under the provision of FBI SMPs that permit sharing of information for technical assistance, but she noted, “their access was not limited to raw information for which the FBI sought assistance and access continued even after they had completed work in response to an FBI request.”

FBI also appears to have delivered data to a non-Federal agency (it appears to be some kind of tech contractor) where employees were not under the direct supervision of FBI employees.

With one of these violations (it appears, though is not certain, to be the second one), the decision to give improper access to contractors “was the result of deliberate decisionmaking” supported by an interagency memorandum of understanding. As Collyer notes, “such a memorandum of understanding could not override the restrictions of Section 702 minimization procedures.”

The Intelligence Committees started requiring copies of all interagency IC related MOUs last year; this may be one reason why. Nevertheless, that doesn’t change the history, that FBI at an institutional level made a decision to provide (apparently small amounts of) data to people outside of the minimization procedures.

I don’t think witnesses and Senators can claim they know of no willful violations anymore.

2 replies
  1. SpaceLifeForm says:

    OT: Todays malware attack

    Called Petyawrap/Petya/NotPetya/Xdata

    Apparently two variants floating around.

    The bitcoin ransom email drop already dead.

    If you got infected, do NOT let CHKDSK run. Power off.

    You will need a live DVD/USB to recover.

    That is all I have at this point.

    Note that machines that were updated for Wannacry were still hit. Suspect due to hole in Windows Defender, now allegedly fixed, but likely not avail til next patch tuesday. Two weeks from now.

    • SpaceLifeForm says:

      Symantec says due to EternalBlue. Not buying. Kapersky not pointing at EternalBlue at this time.

      No reports from China. Not hit or covering up?

Comments are closed.