Does the FBI track cellphone users' physical movements without a warrant? Does the Bureau store recordings of innocent Americans caught up in wiretaps in a searchable database? Does the FBI's wiretap equipment store information like voicemail passwords and bank account numbers without legal authorization to do so?
That's what the nation's Foreign Intelligence Surveillance Court wanted to know, in a series of secret inquiries in 2005 and 2006 into the bureau's counterterrorism electronic surveillance efforts, revealed for the first time in newly declassified documents.
The inquires are the first publicly known questioning of the FBI's post-9/11 surveillance activities by the secret court, which has historically approved nearly every wiretap application submitted to it. The court handles surveillance requests in counterterrorism and foreign espionage investigations. The inquiries add to questions surrounding how the FBI has used the broad powers handed to it by Congress in the 2001 USA Patriot Act, including the FBI's admitted abuse of so-called National Security Letters to get stored telephone and financial records.
Among other things, the declassified documents reveal that lawyers in the FBI's Office of General Counsel and the Justice Department's Office of Intelligence Policy Review queried FBI technology officials in late July 2006 about cellphone tracking. The attorneys asked whether the FBI was obtaining and storing real-time cellphone-location data from carriers under a "pen register" court order that's normally limited to records of who a person called or was called by.
The internal inquiry seems to have preceded, and was likely prompted by, a secret court hearing on the matter days later. Kevin Bankston, a lawyer with Electronic Frontier Foundation, says the documents suggest that the nation's spy court shares the reluctance of federal criminal courts to turn everyday cellphones into tracking devices, in the absence of evidence that the target has done something wrong.
"I hope that this signals that the FISC, like many magistrate judges that handle law enforcement surveillance requests, is growing skeptical of the government's authority to conduct real-time cellphone tracking without probable cause," says Bankston.
In criminal cases, the government's attempts to get cellphone-tracking data without probable cause to believe the target has committed a crime were denied several times in 2005 by federal judges in New York and Texas.
According to the documents, which the EFF obtained in a Freedom of Information Act lawsuit, an FBI general counsel lawyer asked on July 21, 2006: "Can we at the collection end tell the equipment NOT to receive the cell site location information?"
The lawyer added a note of concern that phone companies might be sending along cell-site data even when they aren't asked for it. "Do we get it all or can we, when required, tell the equipment to not collect the cell-site location data?," the lawyer asked.
Separately, the secret court questioned if the FBI was using pen register orders to collect digits dialed after a call is made, potentially including voicemail passwords and account numbers entered into bank-by-phone applications.
Using a pen register order, the FBI can force a phone company to turn over records of who a person calls, or is called by, simply by asserting the information would be relevant to an investigation. But existing case law holds that those so-called "post-cut-through dialed digits" count as the content of a communication, and thus to collect that information, the FBI would need to get a full-blown wiretapping warrant based on probable cause.
On August 7 2006, Foreign Intelligence Surveillance Court judge Colleen Kollar-Kotelly took the extraordinary step of ordering the FBI to report (.pdf) on how its sophisticated phone wiretapping system, known as Digital Collection System, handled those extra digits and whether it stored them in a centralized data-mining depository known as Telephone Application.
The documents (.pdf) show that the majority of FBI offices surveyed internally were collecting that information without full-blown wiretap orders, especially in classified investigations. The documents also indicate that the information was being uploaded to the FBI's central repository for wiretap recordings and phone records, where analysts can data-mine the records for decades.
EFF's Bankston says it's clear that FBI offices had configured their digit-recording software, DCS 3000, to collect more than the law allows.
"The FBI's configuration of DCS 3000 to collect post-cut-through dialed digits when conducting pen-register surveillance is flatly illegal under statute and raises serious Fourth Amendment questions, based on the unanimous decisions of two district court judges and three federal magistrate judges holding that such interceptions require a wiretap order based on probable cause," Bankston said.
The documents also reveal that the inquiry on dialed-digits collection wasn't the first time the secret court had queried the FBI regarding its use and storage of information from wiretaps. In October 2005, the court also asked the FBI to explain how it stored "raw" foreign-intelligence wiretap content and information about Americans collected during those wiretaps.
The government is supposed to "minimize" -- that is anonymize or destroy -- information gathered on Americans who aren't the targets of a wiretap, unless that information is crucial to an investigation.
The court wanted the FBI to explain what databases stored raw wiretaps (.pdf), how those recordings could be accessed, and by whom, as well as how minimization standards were implemented.
The documents don't reveal the answer to that question. The FBI did not respond to a request for comment by press time.
For more on the FBI's sophisticated wiretapping technology and how it links in with the nation's phone and internet infrastructure, see Point, Click, Eavesdrop.