Newly Released Documents Detail FBI’s Plan to Expand Federal Surveillance Laws
EFF just received documents in response to a 2-year old FOIA request for information on the FBI’s "Going Dark" program, an initiative to increase the FBI's authority in response to problems the FBI says it's having implementing wiretap and pen register/trap and trace orders on new communications technologies. The documents detail a fully-formed and well-coordinated plan to expand existing surveillance laws and develop new ones. And although they represent only a small fraction of the documents we expect to receive in response to this and a more recent FOIA request, they were released just in time to provide important background information for the House Judiciary Committee’s hearing tomorrow on the Going Dark program.
We first heard about the FBI’s Going Dark program in 2009, when the agency’s Congressional budget request included an additional $9 million to fund the program (on top of the $233.9 million it already received). Late last year, the New York Times linked the program to a plan to expand federal surveillance laws like the Communications Assistance to Law Enforcement Act (CALEA). We issued FOIA requests to the FBI in 2009 for information on Going Dark and in 2010 for information on the agency’s plans to update CALEA. These are the first documents we’ve received since we filed our lawsuit against the agency late last year. The documents provide rare insight into the agency’s multi-year strategy to increase its power to surveil our communications.
Here’s What the Documents Show:
What is the "Going Dark" Program?
The name "Going Dark" is cryptic, and the FBI’s public statements about the program are even more so. Nevertheless, FBI’s Operational Technology Division states that the program is one of the FBI’s "top initiatives" and has "gotten attention so far from high ranking officials in other federal, state, and local agencies and from industry." (GD4, p. 110).1 The FBI has told reporters in emails that Going Dark is:
the program name given to the FBI’s efforts to utilize innovative technology; foster cooperation with industry; and assist our state, local, and tribal law enforcement partners in a collaborative effort to close the growing gap between lawful interception requirements and our capabilities.
(GD2, p1). The FBI has also said that the term "Going Dark" does not refer to a specific capability,
but is a program name for the part of the FBI, Operational Technology Division's (OTD) lawful interception program which is shared with other law enforcement agencies. The term applies to the research and development of new tools, technical support and training initiatives.
(GD2, p 8). Behind this rhetoric, the documents detail a program set up to address the FBI’s allegations that communications providers’ technologies prevent the agency from implementing wiretap and pen register/trap and trace orders – essentially, the FBI alleges it is "'in the dark' by the loss of evidence, that [it] would be lawfully entitled to, due to advances in technology, antiquated ELSUR laws, and or lack of resources, training, [and] personnel," (GD4, p. 120), and the FBI needs new laws and new tools to bring this evidence into the light.
The FBI’s "Five-Prong" Going Dark Strategy
The FBI states the Going Dark program is a "five-prong strategic approach to address the lawful 'Intercept capability gap'" (GD3, p. 10). These five prongs are:
- modernization /amendment of existing laws,
- enhancing authorities to protect industry proprietary and [law enforcement] sensitive lawful intercept information, equipment and techniques,
- enhancing [law enforcement] agencies' coordination leveraging technical expertise of FBI with other [law enforcement] entities,
- enhancing lawful intercept cooperation between the communications industry and [law enforcement agencies] with a "One Voice" approach, and
- seeking new federal funding to bolster lawful intercept capabilities.
(GD3, p. 10). Originally it seemed the FBI was focused on just updating CALEA (which could be bad enough if it included some of the things we wrote about here), but now it appears the FBI plans to seek changes to the Electronic Communications Privacy Act (ECPA) and other laws, and may also propose new laws. For example, another document we received notes under Prong 1 that "Existing lawful intercept laws (e.g., Title III of the Omnibus Crime Control and Safe Streets Act, Electronic Communications Privacy Act [ECPA], and the Communications Assistance for Law Enforcement Act [CALEA]) require modernization as a result of advancements in communications services and technologies." (GD1, pp. 38-40). And another document breaks the FBI’s legislative strategy down into two categories:
- modernizing the Federal ELSUR [electronic surveillance] assistance mandates and Federal ELSUR laws and
- enacting new ELSUR-enhancing statutory authorities.
(GD1, p. 13). This is the first hard evidence we've seen that the FBI is pushing to update ECPA in addition to CALEA, and it is concerning to learn that the agency is trying to convince Congress that these two laws should be expanded at the same time to give the FBI even broader power to conduct "lawful" surveillance. Unfortunately, we don’t know much more about the specifics of the FBI’s plan because crucial information in the documents has been withheld or blocked out.
The FBI Has Been Working on "Going Dark" Since at Least 2006 and Has Lobbied Congress and the White House to Support the Program with More Money and Stronger Laws
The FBI and DOJ have been working on amendments to CALEA since at least 2006, though their efforts to lobby Congress and the White House have steadily ramped up within the last few years. (GD1, p. 34). The FBI has met with important Congressional committees and with the White House about Going Dark many times since January 2008 and has specific plans to "socialize [its] Strategy with key Congressional members and staff (e.g., Judiciary, Intelligence, Appropriations)." (GD1, pp. 38-30).
For example, in January 2008, the FBI director testified before the House and Senate at the annual threat assessment hearing and included a Q&A handout on Going Dark for the briefing book. (GD1, p.7). Although the hearings were held in both open and closed sessions (and so this handout should be available to the public), the version we received is heavily redacted. (GD1, p. 22).
In March 2008, staff from the Senate Subcommittee on Commerce, Justice, and Science visited the FBI's Operational Technology Division and had a briefing on Going Dark with Kerry Haynes, the Assistant Director of the Investigative Technologies Division. Topics discussed included "unfunded requirements, level of cooperation/understanding/assistance from DNI, level of sharing and cooperation with IC/telecom and [international] partners, consolidation of tech efforts across industry, working groups/detailees [sic] to consolidate efforts, the 'data coordination center' concept." (GD1, p. 32).
The FBI focused much of its lobbying efforts on the Senate Commerce, Justice, Science (CJS) Appropriations Subcommittee, and met with met with Senator Mikulski, the committee chair, and her staffers several times over the last few years in both open and closed sessions, including in April 2008, June 2008, May 2009, and June 2009. In fact, according to the FBI, Senator Mikulski stated during the June 2008 meeting: "The FBI and the CJS have had a very productive working relationship and the FBI can count on the CJS for whatever it needs to fulfill the mission of the FBI." (GD1, p. 30).
The FBI also met or communicated with key members of the current administration and other agencies, including meeting with the Obama transition team in November 2008, (GD3, p. 8-9). The agency discussed Going Dark with the Department of Commerce in May 2009, (GD4, p. 26), and met with ODNI on Going Dark in October 2008. (GD4, p. 80) The FBI also worked directly with the DEA to try to collect information detailing agents' inability to conduct electronic surveillance, to provide support for the agency's claim that it needed new and better tools and laws. (GD4, pp. 24-25). And the agency planned to vet its 5-prong strategy with both the Office of Management and Budget (OMB) and Department of Justice (DOJ). (GD1, pp. 38-30).
The FBI Has Also Worked With State and Local Law Enforcement and Private Government Contractors to Develop and Implement its Strategy
Several of the documents we received detail the FBI’s holistic approach to implementing Going Dark. For example, the agency sought input from state and local law enforcement leadership such as "IACP, Major Cities Chiefs, Major County Sheriffs' Association," (GD1, pp. 38-40), and asked state and local law enforcement to provide it with examples of electronic surveillance failures. The agency also reached out to the communications industry, including "IP-based communications service providers and manufacturers" and "third-party lawful intercept solution providers." (GD1, pp. 38-40, 2-3). And the agency contracted with private government consultants at RAND Corporation and Booz, Allen & Hamilton to study the problem and help devise solutions. (GD3, p. 28; GD4, pp. 6-7; GD4, p. 112)
What Does This Mean for our FOIA Lawsuit and for the FBI’s Hopes to Implement Changes to Federal Surveillance Laws?
The interesting thing about all this is that the DOJ has argued in response to our motion seeking documents that because there’s no draft legislation being publicly bandied about right now, there can be no urgency to our FOIA request. For this reason, the agency won’t agree to any deadline to produce its documents. We’ll be arguing this point in the court hearing on our motion tomorrow and hope to convince the court that the Going Dark documents, combined with the House Judiciary Committee hearing, show that the DOJ is serious about pushing through changes to communications surveillance laws as soon as possible. We'll be urging the court to order the DOJ to produce the rest of the documents in response to our FOIA requests while there’s still time to influence the debate.
- 1. The citations refer to the documents posted at the end of this deeplink. Page numbers refer to the pages in each pdf document.
Recent DeepLinks Posts
Feb 24, 2017
Feb 24, 2017
Feb 24, 2017
Feb 24, 2017
Feb 24, 2017
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- UK Investigatory Powers Bill
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- Eyes, Ears & Nodes Podcast
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Shadow Regulation
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games