Advertise On EU-Digest

Annual Advertising Rates

2/25/18

USA: IS US Government Spyware Breaching Foreign Privacy Laws? Revealed: Two Secret Cogs In The FBI National Surveillance Machine - by Thomas Fox-Brewster

After 9/11, federal law enforcement and intelligence agencies were roundly criticized for failing to coordinate information that, in the aggregate, might have allowed the government to stop the attacks before they happened. Since then, the pendulum has swung in the opposite direction. The FBI has built a secretive and guarded intelligence operation, the tentacles of which stretch beyond its core task of domestic law enforcement and into the construction of the great American panopticon.

Despite the almost complete lack of transparency surrounding that effort, Forbes has uncovered two previously-undisclosed units that sources say form crucial parts of the FBI's surveillance machinery.

Known as the FBI Collections Operations Group and the FBI WiFi Group, they appear in virtually no public records. Google searches for the names return nothing. Not a single LinkedIn profile contains a reference to either.

And with the unearthing of these two units, civil liberties activists, legal experts and even former intelligence analysts are crying foul about the possibility of widespread domestic surveillance occurring across America with zero oversight.

Forbes learned about the existence of the furtive Collections Operations Group (insiders call it "the COG") from the results of a freedom of information act request filed with the FBI in 2017. That FOIA filing concerned a deal signed last year between tech contractor CDW Government and the Data Intercept Technology Unit (DITU, pronounced "dee-too") for $1.1 million in services. DITU, part of the Operational Technology Division in Quantico, Virginia, is one of the most clandestine divisions within the FBI, helping gather crucial data for investigations and intelligence. The OTD is the overarching body that oversees bleeding edge tech development for the entire FBI.

The FBI confirmed to Forbes that the COG is a sub-unit within DITU. The agency refused to comment on the specific nature of the group and its operations. But there's some tantalizing new information nonetheless: according to the FOIA response, the COG's mission "is to provide tools, expertise and solutions to effect lawfully-authorized electronic surveillance of data communications on today's evolving local area network and internet technologies. The COG is responsible for the procurement, development and deployment of network equipment to assist in electronic surveillance to various field offices and OGAs."

OGA stands for “other government agency.” As previously revealed in NSA files leaked by Edward Snowden in 2013 detailing the now-infamous PRISM espionage initiative, one of DITU's roles sees it collect data from technology and telecom companies (whether that's Facebook, Google, Microsoft or your phone and internet provider) before turning it over to intelligence agencies (which could be the DIA, CIA and NSA).

The COG is core to that intelligence sharing both within the FBI and outside the agency. Sources tell Forbes the COG is a go-between surveillance shop, setting up spy tools and associated networking across the FBI or whatever agency demands its services, and helping shift intel between them. Forbes spoke with multiple sources in the security and intelligence fields who claimed knowledge of DITU and its sub-units. All asked to remain anonymous.

"Think of it like this: it's a technical group that oversees technical capabilities so that when lawful requests are issued on providers, and the data they return needs to be analyzed, it can be converted to human-readable formats," said a person with knowledge of the COG. “Often, raw network data comes back in many forms and these teams work to make sure that the special agents and investigative teams can properly interpret the data."

What kinds of equipment does the COG build and deploy in order to capture data? Sources who previously worked in the national intelligence community say it was probably technology such as pole-mounted boxes that capture wireless network traffic, or devices installed at ISPs that vacuum up data.

As for the WiFi Group, it's another DITU sub-unit "responsible for the deployment and installation of communications equipment to support ongoing criminal, counter-terrorism and foreign counter-intelligence investigations," according to a FOIA response for another CDW contract. That 2014 deal, for unspecified surveillance equipment, was worth just $26,571.

It's easy to see why the FBI would want such capabilities. But, looking at the COG, cross-agency sharing of intelligence and surveillance resources conducted by a group unknown to the public (until now) has civil liberties folk worried.

"Unfortunately law enforcement agencies spying on their own citizens' communications is a trend that is steadily increasing around the world. When these groups operate in secret there is no way for the public to confirm that they are operating with all due legal restraint as required by their nation's laws," said Cooper Quintin, security researcher and technologist at the Electronic Frontier Foundation.

"There's far too much secrecy when it comes to the FBI's spying on Americans' internet activities. This surveillance has the potential to be very broad, putting large amounts of sensitive information in the hands of an agency responsible for domestic criminal investigations. Americans need to know more about the reach of this surveillance, how it affects them and how it is legally justified," added Patrick Toomey, staff attorney at the American Civil Liberties Union's National Security Project.

One former intelligence agency analyst who reviewed the information Forbes gathered on the COG and DITU said it appeared they were carrying out signals intelligence (SIGINT), the collection and analysis of traffic as it crosses the internet. This, intelligence geeks know, falls under the charter and thus is typically the domain of the NSA, not the FBI. (This may simply come down to semantics; SIGINT could apply to any form of data collection and analysis. Some disagree the FBI is collecting and analyzing giant sets of internet data like other government intel agencies. As one source put it: "They are not doing hardcore, NSA-type SIGINT").

"The fact that the FBI operates in multiple spaces makes this SIGINT capability extremely concerning for civil rights," the ex-analyst said. "The concerns were much less when they had the wall between intel and law enforcement… Now that there's no 'wall' separating the two, you're left to trust that information gained from intelligence activities is not being used for law enforcement."

And there's more to worry about than parallel construction. "Simply making it easier to share this data and information also worries us as in this era of big data," Joseph Lorenzo-Hall, chief technologist at the Center for Democracy & Technology, told Forbes. "There are very few assurances that the data is protected well and won't essentially be used at some point in a panopticon-like mechanism that we're seeing in places like China, where every little detail controls opportunities available to certain segments of society."

If it's to stick to the letter of the law, government agencies must obtain court approval prior to spying on targets in a criminal investigation, whether or not that investigation is borne on the back of snooping in another probe. "To put it conceptually, the government needs to have shown probable cause to obtain the court’s approval for each criminal investigation it is conducting against the individual," said a legal representative for a major technology company.

Whatever the ethical quandaries at play, the nature of DITU and its sub-units' work is, on the face of it, entirely legal. "It's certainly true that pursuant to law, the bureau can and does collect a broad range of metadata for use in both criminal cases and domestic intelligence work," said Daniel Richman, professor of law at Columbia Law School. Richman is a confidant of former FBI director James Comey, as revealed last year when he leaked memos detailing conversations Comey had with President Trump.

Richman added: "And pursuant to warrants, it has engaged in various network exploitations, what some call 'legal hacking'. Whether or not you call that collection SIGINT, the Bureau is the primary domestic intelligence agency."

The FBI declined to comment for this Forbes article.

For the complete Forbes report click here: Revealed: Two Secret Cogs In The FBI National Surveillance Machine

No comments: