FBI’s e-mail surveillance tool flawed
May 29, 2002
ACCORDING TO a March 2000 memo to FBI headquarters, the surveillance device, once known as Carnivore, not only picked up the e-mails of its target “but also picked up e-mails on non-covered targets.
“The FBI technical person was apparently so upset that he destroyed all the e-mail take, including the take on” the suspect, whose name is redacted.
The memo, from federal law enforcement agents in Denver to M.E. Bowman, the FBI’s associate general counsel for national security, refers to the “UBL Unit,” an FBI team that investigates bin Laden’s agents in the United States. The specific target is not named.
NO COMMENT FROM FBI
FBI spokesman Paul Bresson refused to identify the case, citing national security concerns. He said the bureau has no comment on the documents, but said the Denver e-mail was not an official report.
The episode was described in documents made public through a Freedom of Information Act request filed by the Electronic Privacy Information Center, a Washington advocacy group. The material was not included in an original release, but only became public after a federal judge ordered the bureau to give out more documents.
The memo surfaced as the FBI was addressing concerns it mishandled intelligence on terrorism groups before the Sept. 11 attacks. The agency is to form a new office of intelligence and strengthen its oversight of counterterror investigations. Attorney General John Ashcroft and FBI Director Robert Mueller were expected to outline high-profile changes Wednesday at the FBI’s headquarters, including closer ties to the CIA and an overhaul of the FBI’s outdated computer systems.
Privacy groups and members of Congress have complained that the FBI’s e-mail wiretap device has the potential to collect more information than allowed by a warrant.
“Here’s confirmation of the fact that not only did it do that, but it resulted in a loss of legitimately acquired intelligence,” said David Sobel, general counsel of EPIC, which sued to get the documents released.
‘GET ITS ACT TOGETHER’
Sen. Charles Grassley, R-Iowa, an FBI critic, said, “Whether it’s a bungled software program or obstinate bureaucrats, the FBI needs to get its act together.”
A Justice department official, speaking on condition of anonymity, said Tuesday night that the e-mails were not destroyed. The official did not elaborate or try to reconcile the statement with the memo.
The unintended targets of the FBI’s snooping may have deserved notification that the mistake was made, the FBI memo said.
The unnamed author of the e-mail said Denver agents installed Carnivore on March 16, 2000, but the device did not work correctly. Agents got authorization to install Carnivore using the Foreign Intelligence Surveillance Act, designed to battle espionage.
The technician had no supervision, the e-mail author says.
Henry H. Perritt, who led a team authorized by the FBI to review Carnivore, said he was surprised the technician deleted the e-mails.
“The collection is supposed to be retained for judicial review,” Perritt said. “If an agent simply deleted a whole bunch of files without the court instructing, that’s not the way it’s supposed to work.”
Another document released through the privacy group’s request explains the bureau’s policy for overcollection on a surveillance warrant. The memo, dated just a week after the Denver e-mail, says the e-mails should be kept under seal so that senior FBI officials can figure out how the wiretap went wrong.
Authorities have used Carnivore-type tools more than 25 times in all types of criminal cases, to catch fugitives, drug dealers, extortionists and suspected foreign intelligence agents. Carnivore is now called DCS-1000.
Perritt’s review panel recommended that the FBI change Carnivore so that it is more difficult to accidentally collect too much information. They also said Carnivore needs a stronger audit mechanism so it could be traced back to individual FBI technicians.
The FBI has not announced any changes to the system.
Copyright © 2002 Associated Press.