The Foreign Intelligence Surveillance Court found that the FBI may have violated the rights of potentially millions of Americans — including its own agents and informants — by improperly searching through information obtained by the National Security Agency’s mass surveillance program.

U.S. District Court Judge James E. Boasberg, who serves in the District of Columbia and the FISA court, made his sweeping and condemnatory assessment in October 2018 in a 138-page ruling, which was declassified by the U.S. government this week.

“These opinions reveal devastating problems with the FBI’s backdoor searches, which often resembled fishing expeditions through Americans’ personal emails and online messages.”

To longtime critics of the government’s mass surveillance program, the FBI’s abuses are confirmation that federal law enforcement agents are combing through the communications of Americans without warrants, in violation of Fourth Amendment protections against unreasonable searches and seizures.

“These opinions reveal devastating problems with the FBI’s backdoor searches, which often resembled fishing expeditions through Americans’ personal emails and online messages,” said Patrick Toomey, a staff attorney for the American Civil Liberties Union’s National Security Project. “But the court did not go nearly far enough to fix those abuses. The Constitution requires FBI agents to get a warrant before they go combing through our sensitive communications.”

The ruling concerns the FBI’s ability to access communications obtained through the NSA’s mass surveillance program, the existence of which was revealed in documents provided by whistleblower Edward Snowden. Critics of Snowden’s decision to leak classified NSA documents noted at the time that safeguards existed to prevent Americans’ communications from being searched improperly. The declassified FISA court ruling, however, shows that few safeguards existed at all.

The NSA’s mass surveillance program operates as a series of technologies and authorities that allow the government to intercept communications while in transit over the internet, as well as obtain communications directly from at least eight large technology companies without the need for warrants. These authorities, created in 2008 and renewed in 2018 with some minor reforms, are the result of the expansion of the Foreign Intelligence Surveillance Act. The law created the secret FISA court to oversees its application.

FBI Abuses

Under traditional FISA authorities established in 1978, the U.S. government may intercept the communications of agents of foreign governments and terrorist organizations if the intelligence community can demonstrate legal justification to the FISA court.

The expansion of FISA authorities, known as Section 702, allows for monitoring to be approved in bulk by the court through what is essentially a recipe for mass surveillance. This surveillance cannot legally target Americans but sweeps up all communications that fit the so-called selectors — akin to search terms, as well as other data based on patterns — and can produce enormous amounts of incidentally collected information, including communications from U.S. citizens. This data is stored and can later be searched by government agencies.

The declassified FISA court ruling revealed that the FBI is the most prolific miner of data about “U.S. persons,” a legal term that means any U.S. citizen or foreign national legally in the country. Queries of this data are known as “backdoor searches.” In 2017, the FBI ran approximately 3.1 million searches related to U.S. persons, compared to 7,500 combined searches by the CIA and NSA during the same year.

Many of the FBI’s searches were not legally justified because they did not involve a predicated criminal investigation or other proper justification for the search, as required by law, according to Boasberg’s FISA court ruling.

Among the abuses noted in the ruling:

• During a four-day period in March 2017, the FBI searched mass surveillance data for communications related to an FBI facility, suggesting that agents were spying on other agents.
• On one day alone, on December 1, 2017, the FBI conducted 6,800 queries using Social Security numbers.
• A contract linguist for the FBI conducted searches on himself, other FBI employees, and relatives.
• The FBI regularly used mass surveillance data to investigate potential witnesses and informants who were neither suspected of crimes nor national security concerns.

In a statement to the FISA court, the FBI blamed these problems on “fundamental misunderstandings by some FBI personnel [about] what the standard ‘reasonably likely to return foreign intelligence information’ means.”

Following Boasberg’s ruling, the Justice Department appealed to a three-judge panel that reviews FISA court decisions. After the panel affirmed the ruling, the FBI agreed to change the way agents can search FISA data.

“Assessments” Loophole

A type of FBI investigation known as an “assessment” is one of the primary reasons why the FBI is able to abuse mass surveillance data.

While the law requires that FBI searches of such data be related to investigations in which agents have reasonable suspicion that crimes are occurring or in which national security is at risk, assessments provide an enormous loophole that potentially allows agents to search through the communications of any American without a warrant.

A power created after the 9/11 attacks, assessments allow the FBI to investigate anyone — for reasons as scurrilous as an anonymous tip — suspected of being a potential national security threat. Although the law doesn’t establish a time limit, FBI policy generally limits assessments to 72 hours. Because assessments are de facto national security inquiries, the FBI has viewed this as authority to search mass surveillance data for Americans’ communications.

The FBI refers about 10,000 investigations for prosecution every year, but at the same time, agents have queried FISA data more than 3 million times in a year while investigating Americans. That suggests agents are using assessments to justify most of its backdoor searches of Americans’ communications.

The FBI is also using national security concerns to explain why it does not properly document its reasons for searching through Americans’ communications. The FBI told the FISA court that providing written justification for accessing the data, as required by law, would “hinder the FBI’s ability to perform its national security and public safety missions.”

Evidence of Parallel Construction

One line in the FISA court’s recently declassified ruling adds to a growing body of evidence that the FBI is using a process known as “parallel construction” to secretly enter evidence from the NSA’s mass surveillance program into U.S. District Court for criminal prosecutions. The evidence-gathering technique might be analogized as a way for the FBI to search a home top to bottom before even showing up at the door with a warrant.

As The Intercept revealed in November 2017, documents provided by Snowden showed that the NSA had taken credit for intercepting the communications of Fazliddin Kurbanov, an Idaho man who was convicted at trial of providing material support to the Islamic Movement of Uzbekistan and possessing bomb-making materials. But court records showed that the Justice Department claimed those communications had been acquired through traditional FISA authority, which would have required the FBI to present to the FISA court evidence that Kurbanov was a foreign agent before surveillance could be authorized.

In Kurbanov’s case, the FBI appeared to “launder” evidence obtained improperly through the NSA’s mass surveillance program by acquiring traditional FISA authority after the fact in order to reobtain the evidence through less controversial powers.

Kurbanov’s is one of a number of cases The Intercept found in which the intelligence community claimed that mass surveillance played a role in the case, while the Justice Department maintained in court records that only traditional FISA authority had been used.

In the recently declassified FISA court ruling, Boasberg noted an example that fits this pattern as an inappropriate use of FISA data. On November 11, 2017, the FBI conducted a search of mass surveillance data on “a potential recipient of a FISA order.” In other words, the FBI was able to mine mass surveillance data to find out what evidence agents would discover if they went ahead and requested the FISA order.