Ever since Edward Snowden turned whistle-blower and first revealed the extent of the US Government’s mass surveillance of its own people, American authorities have been seeking to play the issue down.
We have been reassured time and again that this data was only used when necessary in identifying terrorists and other specific offenders.
The truth, which has been revealed this week in declassified court documents appears to be very different. It suggests that FBI officers were searching through this data almost at their leisure. In doing so, they could have breached the constitutional rights of millions of American citizens.
The Foreign Intelligence Surveillance Courts revelations
Even if you are an American, it is quite likely that you have never heard of the Foreign Intelligence Surveillance Court (FISC). There is no reason why you should have. It is a secret court with a narrow remit on surveillance for intelligence purposes. It sits in private and it’s ruling are usually classified.
Until they are declassified that is, which is what happened this week to a ruling handed down in October of last year by U.S. District Court Judge James E. Boasberg, who also sits on the FISC.
His ruling runs to 138 pages and contains some sweeping condemnations of the US government’s mass surveillance programme and specifically the FBI’s handling of the data.
The mass surveillance program in question is run by the National Security Agency (NSA). It permits them to intercept all online communications and data and also requires eight of the USA’s largest tech and telco companies to hand over all user data without a warrant.
That is likely to be enough to have many American’s reaching to switch on their VPN but stick with it because it gets worse when you find out what is happening to this data.
How the FBI abuses FISA
Under the controversial section 702 of the Foreign Intelligence Surveillance Act (FISA), US authorities are permitted to monitor internet communications in bulk but they cannot legally target American citizens in this practice.
In reality, this programme ‘accidentally’ sweeps up a huge amount of data about US citizens and FISA allows for this data to be held and accessed by various government agencies.
The most prolific user of this data is the Federal Bureau of Investigation (FBI). In 2017, the CIA and NSA ran a combined total of 7,500 searches for US Persons, a legal term meaning US citizens and foreigners residing legally in the USA. During the same time period, the FBI ran more than 3.1 million.
As the FISC has revealed, many of these searches did not involve any criminal investigations or any formal legal justification whatsoever. The declassified ruling reveals a snapshot of how the FBI was abusing this data.
On a single day, December 1st 2017, FBI agents ran no fewer than 6,800 data searches using social security numbers. Over a four-day period in March 2017, numerous searches for communications relating to an FBI facility took place. This appears to be the FBI spying on its own agents.
The data was routinely used by the FBI in investigating potential witnesses and informants who were never suspected of a crime or deemed a national security threat.
Most shockingly of all, one FBI contractor was able to use the data to run searches on himself, his family, and his fellow employees.
The ‘Assessments’ loophole
The FBI was sheepish in its statement to the court about these abuses. They blamed the problems on “fundamental misunderstandings by some FBI personnel [about] what the standard ‘reasonably likely to return foreign intelligence information’ means.”
The problems seem to have primarily arisen as a result of a type of FBI investigation known as an “assessment”. Assessments are a type of investigation created in the wake of 9/11 which allows the FBI to investigate anyone, even on the basis of a single tip, if they might be considered a national security threat.
Because assessments are classified as national security issues, the FBI has viewed them as a reasonable cause for searching through mass communications.
However, it is clear this loophole has been abused. The FBI sends around 10,000 assessments for prosecution each year. But it has run in excess of 3 million data searches.
The ruling also contains evidence that the FBI has been using this loophole to run searches to ascertain what evidence they would find if they chose to request formal access to the information through a FISA request.
Keep your data secure and private in the USA
Sadly the revelations contained in this declassified FISC ruling will not come as a big surprise to many. It had already been assumed by most observers that the FBI and other US law enforcement agencies were routinely stretching the boundaries of the loose safeguards that exist around US mass surveillance gathering.
That suspicion has now been confirmed and while the FBI will try and pass it off as a few loose cannons who didn’t understand the rules, the numbers show that this was a systemic and possibly deliberate misuse of the data.
Make no mistake, in using this data in this way, the FBI has acted unlawfully and has breached the constitutional rights of all affected Americans enshrined in the fourth amendment of the US constitution which protects them from “unreasonable searches”.
That doesn’t mean the practice is going to stop though and who knows what other illegal searches are happening that haven’t already come to light.
The message to US-based internet users is clear. If you don’t want the FBI snooping through your personal communications data at their leisure, you have to take steps to protect yourself online.
That means using encrypted messaging tools and a VPN to make sure everything you do online is encoded and secure as possible.