The FBI’s use of a surveillance statute to collect Americans’ phone and email records has declined since details about the program were leaked by Edward Snowden in 2013, a watchdog report has found.
The FBI’s use of Section 215 of the Patriot Act to obtain “business records” as part of national security investigations peaked in 2012, with the Foreign Intelligence Surveillance Court approving 212 orders seeking records, according to a report released Thursday by the Justice Department’s inspector general’s office.
The program was publicly disclosed in June 2013 after the former National Security Agency contractor leaked information to the press. That year, the number of orders authorized by the court dropped to 179. The number of orders approved by the court has continued to decrease annually, with 142 orders approved in 2015.
The program allowed authorities to collect information about clients from service providers, such as email or phone records — including the numbers, times and durations of calls. Outcry over the program after Mr. Snowden’s revelations led to reform the surveillance program. When Congress renewed the USA Freedom Act last year, it blocked bulk collection and storage of data.
A deputy chief within the FBI’s National Security Division partly blamed Mr. Snowden’s disclosures for the decrease in use of the provision.
“He attributed the decline in part to revelations by Edward Snowden about the U.S. government’s use of Section 215 to collect bulk telephony metadata, both in terms of the stigma attached to use of Section 215 and increased resistance from providers,” the inspector general’s report said.
Responding to the report, FBI officials told the inspector general’s office that the degree to which Mr. Snowden’s disclosure led to the decrease was speculative and said agents had come to rely more on a different statute to obtain surveillance approvals — specifically, Section 702 of the Foreign Intelligence Surveillance Act, which allows surveillance of foreigners.
Under the USA Freedom Act reforms enacted in 2015, authorities can’t collect and keep bulk telephone data in government databases. Instead, spy agencies have to ask phone companies for data — and they must submit a narrow search so it’s clear that analysts are looking for a specific person, number or group, rather than bulk collection.
Frustration with oversight of the Section 215 program and the length of time it took to approve orders under it appear to have played a role in the decline of its use even before the law’s reform.
“Agents also told the OIG that they increasingly were electing to use criminal legal process instead of FISA authority in counterterrorism and cyber investigations because of their frustrations with the lack of timeliness and the level of oversight in the business records process,” the report states.
Some were opting to open parallel criminal cases and using grand juries “to obtain the same information more quickly and with less oversight than a business records order.”
The increased reliance on other surveillance statutes or basic criminal processes raises questions from privacy rights advocates.
“We want the department to go through a process with a high level of oversight,” said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union.
If agents opt to use other surveillance statutes to obtain records because they are able to do so more easily, it raises concerns over the level of oversight of the alternative methods now favored, Ms. Singh Guliani said. If agents are falling back on basic criminal investigative practices to obtain information for national security investigations, “it raises real practical questions” about whether the specialized national security provisions are needed.
The report indicates that of the 561 records requests approved from 2012 through 2014, a median of 115 days passed from the time a field office made a records request to the FISA Court’s order.
The inspector general’s report recommends finding a way to make the process more efficient, particularly in cyberdata cases.
The FISA Court denied none of the 561 business records requests, though the report notes that some draft applications were withdrawn and not formally submitted for numerous reasons.
Large portions of the inspector general’s 68-page report were redacted.
Overall, the report found that the business record orders were used “far more frequently in counterintelligence cases than as a counterterrorism or cyber tool.” The exact figures for each type of case were redacted from the report.