Materials provided to the Electronic Frontier Foundation (EFF) indicate that in 2006, the FBI received access to e-mail from an entire computer network instead of the single e-mail address that was approved by a secret intelligence court as a part of a national security investigation.
From the New York Times:
F.B.I. officials blamed an “apparent miscommunication” with the unnamed Internet provider, which mistakenly turned over all the e-mail from a small e-mail domain for which it served as host. The records were ultimately destroyed, officials said.
Bureau officials noticed a “surge” in the e-mail activity they were monitoring and realized that the provider had mistakenly set its filtering equipment to trap far more data than a judge had actually authorized.
The problem has received no discussion as part of the fierce debate in Congress about whether to expand the government’s wiretapping authorities and give legal immunity to private telecommunications companies that have helped in those operations.
But an intelligence official, who spoke on condition of anonymity because surveillance operations are classified, said: “It’s inevitable that these things will happen. It’s not weekly, but it’s common.”
What set of checks and balances should be used to avoid this problem? So far, the response has been that “mistakes happen,” and the offenders are often the “third-party error” on the part of the private company that “provided the F.B.I. [with] information we did not seek,” according to Valerie E. Caproni, the bureau’s general counsel.
On Feb. 15, President Bush scolded Congress for not extending the government’s authority to spy on foreign phone calls and e-mails that pass through the United States.
From the Associated Press:
A temporary law that makes it easier to carry out that spying expires Saturday night at midnight, and Bush and his top intelligence officials say the consequences are dire. Al-Qaida, Bush says, is "thinking about hurting the American people again," and would be helped if U.S. eavesdropping is hampered.
The Democrats are equally adamant. Bush has all the authority he needs to intercept terrorist communications, even if the law expires, House Speaker Nancy Pelosi said Thursday. The congressional majority is simply trying to balance concerns about civil liberties against the government's spy powers, and needs time to do it, she said.
A quirk in the temporary eavesdropping law adopted by Congress last August complicates the answer. The law allows the government to initiate wiretaps for up to one year against a wide range of targets. It also explicitly compels telecommunications companies to comply with the orders, and protects them from civil lawsuits that may be filed against them for doing so.
But while the wiretap orders can go on for a year from the time they started, the compliance orders and the liability protections go away when the law expires, says Director of National Intelligence Mike McConnell.
"There is no longer a way to compel the private sector to help us," he said Thursday in an Associated Press interview.
That is not exactly true. Even with the expiration of the law, the government can get an order from the secret Foreign Intelligence Surveillance Court to compel their cooperation. That court was created 30 years ago for just such a purpose.
The question is whether there are sufficient protections in place to safe-guard information gleaned and to avoid “over production” of information beyond the scope of the request.
About 40 lawsuits have been filed accusing AT&T, Verizon, and Sprint Nextel of violating Americans’ privacy rights in the surveillance program. As a result of Congress’ refusal to extend the temporary law passed in August past the Feb. 16 deadline, those companies may face additional exposure.
Given that there are obvious issues with legally acquired information in the inadvertent over-production by third-party providers, is the extension of the “Protect America Act” the right way to go? Democrats in Congress think that the question of automatic retroactive immunity for companies that provided private data without warrants is enough to give the law a second and more considered look.
What do you think? Are you comfortable with the idea that your private information can be handed over to the government without due process? Do you think that FISA is enough to give intelligence agencies what they need? If you were voting on the issue, how would you vote?
Internet provider gave hundreds of e-mails to FBI (Minnesota Star Tribune)