Problems With E-Mail Surveillance Program Led to Mishandling of al Qaeda Probe in 2000, Memo Says
by Dan Eggen, Washington Post
The FBI mishandled a surveillance operation involving Osama bin Laden’s terror network two years ago because of technical problems with the controversial Carnivore e-mail program, part of a “pattern” indicating that the FBI was unable to manage its intelligence wiretaps, according to an internal bureau memorandum released yesterday.
An attempt in March 2000 to secretly monitor the e-mail of an unidentified suspect went awry when the Carnivore program retrieved communications from other parties as well, according to the memo, which was obtained by the Electronic Privacy Information Center (EPIC), a Washington-based advocacy group opposed to the technology.
Carnivore, which has been renamed DCS1000, is a computer program that allows investigators to capture e-mails sent to and from criminal and terrorist suspects. But the newly released memo indicates that, in at least one case, the program also retrieved e-mails from innocent people not involved in the investigation.
The incident joined a rapidly growing list of alleged FBI mistakes made before Sept. 11, including evidence that FBI headquarters bungled the quest for a search warrant in the Zacarias Moussaoui case and ignored pointed warnings from an Arizona field agent about terrorists in flight training. It also invited fresh criticism of Carnivore, a program already derided by civil libertarians, and cast doubt on repeated FBI assurances that the program provides a “surgical” ability to grab targeted e-mails out of cyberspace.
“Carnivore is a powerful but clumsy tool that endangers the privacy of innocent American citizens,” said David Sobel, general counsel for EPIC, which obtained the memo through a lawsuit filed under the Freedom of Information Act. “We have now learned that its imprecision can also jeopardize important investigations, including those involving terrorism.”
FBI spokesman John Collingwood said yesterday that the case was a rare mistake that resulted from technical problems encountered by an Internet service provider, not by the FBI.
“This is an uncommon instance where a surveillance tool, despite being tested and employed with the assistance of a service provider, did not collect information as intended,” Collingwood said.
The one-page memo at issue, dated April 5, 2000, and sent via e-mail, was intended to outline the problems that had arisen in a Denver terrorism case for Marion “Spike” Bowman, the FBI’s associate general counsel for national security. Yesterday, Bowman declined to comment and authorities declined to identify the memo’s author or provide further details about the case.
The probe involved the FBI team that investigates suspected operatives of the al Qaeda network. It is known as the Usama bin Laden, or UBL, unit for the agency’s spelling of the al Qaeda leader’s name. The same unit has come under congressional scrutiny in recent weeks over its role in shelving a July 2001 memo from Phoenix FBI agent Kenneth Williams, who had suggested that al Qaeda members might be infiltrating aviation schools and requested that the FBI canvass them for Middle Easterners.
In the latest case to come to light, the UBL unit acquired in March 2000 a warrant under the Foreign Intelligence Surveillance Act (FISA) for use against a suspect in an investigation based in Denver, according to the memo released yesterday.
The names of the suspect and all others in the memo, except for Bowman’s, were redacted from the copy provided to EPIC.
The memo says that on March 16, 2000, the Carnivore “software was turned on and did not work properly,” capturing e-mails involving both the target and others unconnected to the case.
The memo goes on to say that “the FBI technical person was apparently so upset that he destroyed all the E-Mail take, including the take” from the target. Collingwood, the FBI spokesman, said that the memo is incorrect and that the e-mails gathered in the operation were kept and remain under seal in the court that administers secret wiretaps.
The memo makes clear that the Justice Department’s Office of Intelligence Policy and Review (OIPR), which oversees FISA warrants, was enraged by the blunders in the case, in part because the Justice Department office was allegedly not told that Carnivore was considered experimental at the time.
Referring to an official at OIPR, the memo’s author says: "[To] state that she is unhappy with [the International Terrorism Operations Section] and the UBL Unit would be an understatement of incredible proportions.”
The memo also refers to an electronic communication outlining other “FISA mistakes” and alleges “a pattern of occurrences which indicate to OIPR an inability on the part of the FBI to manage its FISAs.”
One law enforcement official said last night that the passage may be referring to the ongoing problems with the affidavits submitted by the FBI to the Foreign Intelligence Surveillance Court, which approves surveillance requests. The court barred one FBI agent from submitting affidavits in late 2000 because of misrepresentations, and a broad review found similar problems in other cases, sources said.
The FBI has been using the Carnivore system for almost three years, subject to court authorization, to tap into Internet communications, to identify e-mail writers online and to record the contents of messages. It does so by capturing “packets” of information containing those details.
Civil liberties advocates and some lawmakers have expressed concerns because the system could scan private communication on the legal activities of people other than those under investigation. But agency officials have said repeatedly in response to criticism that the system poses no threat to privacy because it can take narrow, targeted slices of communication.
That’s what FBI officials told Congress in the summer of 2000, only a few months after the botched surveillance effort in the Denver case.
Shortly before the Sept. 11 terrorist attacks, an FBI spokesman said the agency rarely used Carnivore because Internet service providers had become so adept at meeting the technical demands of approved surveillance of suspects’ Internet traffic. The agency said it had used Carnivore only twice from January through mid-August.
Since then, the agency has repeatedly declined to discuss the number of times the system has been used in recent months, saying that the records of Carnivore’s use are exempt from disclosure laws.