DOJ: Operators helped FBI illegally obtain phone records
IDG News Service - The FBI was so cavalier -- and telecom companies so eager to help -- that a verbal request or even one written on a Post-it note was enough for operators to hand over customer phone records, according to a damning report released on Wednesday by the U.S. Department of Justice Office of the Inspector General.
The 289-page report details findings of the DOJ's investigation into the FBI's policies for requesting phone records from 2003 through 2006.
It found that in many cases the FBI issued written requests for telephone information, saying that it had secured the proper legal authority to make such requests, even though it didn't.
Also, the report found that the FBI used far more casual methods to obtain records, including verbal requests and requests written on Post-it notes.
When the FBI did use formal written requests, it did not track their use or keep copies of them, the report found.
Some telecom employees, who were based in FBI offices so as to quickly respond to such requests, said that they assumed that the requests were based on a critical national security investigation, although at least one expressed doubts about the circumstances surrounding requests. In fact, some telecom company employees were so enthusiastic to help that they would generate the formal written requests for telephone records on behalf of the FBI.
The report refers to three telecom providers that placed employees in FBI offices, but it does not name the operators.
When asked about internal policies for responding to such requests for customer information, AT&T and Verizon had no comment. Qwest did not respond to requests for comment.
The report also found that the FBI got records and calling-activity information on reporters from the Washington Post and the New York Times without complying with relevant laws. "We concluded that the FBI's acquisition of these records constituted a complete breakdown in the required department procedures for approving the issuance of grand jury subpoenas to obtain reporters' toll billing records," according to the report.
Following previous reports issued by the DOJ regarding FBI phone-record request policies, the agency made only halfhearted attempts to address the problem, the report said. From 2003 to 2007, "the FBI's actions were seriously deficient and ill-conceived and the FBI failed to ensure that it complied with the law and FBI policy when obtaining telephone records from the on site communications service providers," the report found.
However, after 2007, the agency made some serious changes that have helped, the DOJ said, although it recommended further action to ensure that the FBI does not continue to illegally obtain phone records.
In a statement, the FBI pointed out that the report does not find that any FBI employee obtained records for reasons other than legitimate investigative interest. It also said that it has purged records found to have been obtained without the proper process.
The Electronic Frontier Foundation criticized how long the illegal phone-record requests were allowed to continue and how much prodding it took for the FBI to change its policies. The EFF has filed a lawsuit against the government and said that the violations revealed in the DOJ document have not been disclosed by the FBI during the course of the ongoing lawsuit.
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Need to Replace MS Threat Management Gateway? Read this article to learn how F5's Secure Web Gateway solution provides a full set of features that can help you successfully migrate...
- The Shortfall of Network Load Balancing Applications running across networks encounter a wide range of performance, security, and availability challenges as IT department strive to deliver fast, secure access...
- Leave No App Behind with Software Defined Application Services F5 Software Defined Application Services (SDAS) is the next-generation model for delivering application services that enables service injection, consumption, automation, and orchestration across...
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Networking White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!