Investigations / Probes, Surveillance, Privacy > USA
Federal Bureau of Investigation (F.B.I.)
Even Those
Cleared of Crimes
Can Stay
on F.B.I.’s Watch List
September 27,
2011
The New York Times
By CHARLIE SAVAGE
WASHINGTON —
The Federal Bureau of Investigation is permitted to include people on the
government’s terrorist watch list even if they have been acquitted of
terrorism-related offenses or the charges are dropped, according to newly
released documents.
The files, released by the F.B.I. under the Freedom of Information Act, disclose
how the police are instructed to react if they encounter a person on the list.
They lay out, for the first time in public view, the legal standard that
national security officials must meet in order to add a name to the list. And
they shed new light on how names are vetted for possible removal from the list.
Inclusion on the watch list can keep terrorism suspects off planes, block
noncitizens from entering the country and subject people to delays and greater
scrutiny at airports, border crossings and traffic stops.
The database now has about 420,000 names, including about 8,000 Americans,
according to the statistics released in connection with the 10th anniversary of
the Sept. 11 attacks. About 16,000 people, including about 500 Americans, are
barred from flying.
Timothy J. Healy, the director of the F.B.I.’s Terrorist Screening Center, which
vets requests to add or remove names from the list, said the documents showed
that the government was balancing civil liberties with a careful, multilayered
process for vetting who goes on it — and for making sure that names that no
longer need to be on it came off.
“There has been a lot of criticism about the watch list,” claiming that it is
“haphazard,” he said. “But what this illustrates is that there is a very
detailed process that the F.B.I. follows in terms of nominations of watch-listed
people.”
Still, some of the procedures drew fire from civil liberties advocates,
including the Electronic Privacy Information Center, which made the original
request and provided the documents to The New York Times.
The 91 pages of newly disclosed files include a December 2010 guidance
memorandum to F.B.I. field offices showing that even a not-guilty verdict may
not always be enough to get someone off the list, if agents maintain they still
have “reasonable suspicion” that the person might have ties to terrorism.
“If an individual is acquitted or charges are dismissed for a crime related to
terrorism, the individual must still meet the reasonable suspicion standard in
order to remain on, or be subsequently nominated to, the terrorist watch list,”
the once-classified memorandum says.
Ginger McCall, a counsel at the Electronic Privacy Information Center, said: “In
the United States, you are supposed to be assumed innocent. But on the watch
list, you may be assumed guilty, even after the court dismisses your case.”
But Stewart Baker, a former Homeland Security official in the Bush
administration, argued that even if the intelligence about someone’s possible
terrorism ties fell short of the courtroom standard of “beyond a reasonable
doubt,” it could still be appropriate to keep the person on the watch list as
having attracted suspicion.
Mr. Baker noted that being subjected to extra questioning — or even kept off
flights — was different than going to prison.
The guidance memo to F.B.I. field offices says someone may be deemed a “known or
suspected terrorist” if officials have “particularized derogatory information”
to support their suspicions.
That standard may be met by an allegation that the suspect has terrorism ties if
the claim is corroborated by at least one other source, it said, but “mere
guesses or ‘hunches’ are not enough.”
Normally, it says, if agents close the investigation without charges, they
should remove the subject’s name — as they should also normally do in the case
of an acquittal. But for exceptions, the F.B.I. maintains a special file for
people whose names it is keeping in the database because it has decided they
pose a national security risk even they are not the subject any active
investigation.
The F.B.I.’s Terrorist Screening Center shares the data with other federal
agencies for screening aircraft passengers, people who are crossing the border
and people who apply for visas. The data is also used by local police officers
to check names during traffic stops.
The December memorandum lays out procedures for police officers to follow when
they encounter people who are listed. For example, officers are never to tell
the suspects that they might be on the watch list, and they must immediately
call the federal government for instructions.
In addition, it says, police officers and border agents are to treat suspects
differently based on which “handling codes” are in the system.
Some people, with outstanding warrants, are to be arrested; others are to be
questioned while officers check with the Department of Homeland Security to see
whether it has or will issue a “detainer” request; and others should be allowed
to proceed without delay.
The documents show that the F.B.I. is developing a system to automatically
notify regional “fusion centers,” where law enforcement agencies share
information, if officers nearby have encountered someone on the list. The bureau
also requires F.B.I. supervisors to sign off before an advisory would warn the
police that a subject is “armed and dangerous” or has “violent tendencies.”
The F.B.I. procedures encourage agents to renominate suspects for the watch list
even if they were already put on it by another agency — meaning multiple
agencies would have to be involved in any attempt to later remove that person.
The procedures offer no way for people who are on the watch list to be notified
of that fact or given an opportunity to see and challenge the specific
allegations against them.
Chris Calabrese, a counsel with the American Civil Liberties Union, called the
watch list system a “Star Chamber” — “a secret determination, that you have no
input into, that you are a terrorist. Once that determination is made, it can
ripple through your entire life and you have no way to challenge it.”
But Mr. Healy said the government could not reveal who was on the list, or why,
because that would risk revealing intelligence sources. He also defended the
idea of the watch list, saying the government would be blamed if, after a
terrorist attack, it turned out the perpetrator had attracted the suspicions of
one agency but it had not warned other agencies to scrutinize the person.
Mr. Healy also suggested that fears of the watch list were exaggerated, in part
because there are many other reasons that people are subjected to extra
screening at airports. He said more than 200,000 people have complained to the
Department of Homeland Security about their belief that they were wrongly on the
list, but fewer than 1 percent of them were actually on it.
WASHINGTON — Federal law enforcement and national security officials are
preparing to seek sweeping new regulations for the Internet, arguing that their
ability to wiretap criminal and terrorism suspects is “going dark” as people
increasingly communicate online instead of by telephone.
Essentially, officials want Congress to require all services that enable
communications — including encrypted e-mail transmitters like BlackBerry, social
networking Web sites like Facebook and software that allows direct “peer to
peer” messaging like Skype — to be technically capable of complying if served
with a wiretap order. The mandate would include being able to intercept and
unscramble encrypted messages.
The bill, which the Obama administration plans to submit to lawmakers next year,
raises fresh questions about how to balance security needs with protecting
privacy and fostering innovation. And because security services around the world
face the same problem, it could set an example that is copied globally.
James X. Dempsey, vice president of the Center for Democracy and Technology, an
Internet policy group, said the proposal had “huge implications” and challenged
“fundamental elements of the Internet revolution” — including its decentralized
design.
“They are really asking for the authority to redesign services that take
advantage of the unique, and now pervasive, architecture of the Internet,” he
said. “They basically want to turn back the clock and make Internet services
function the way that the telephone system used to function.”
But law enforcement officials contend that imposing such a mandate is reasonable
and necessary to prevent the erosion of their investigative powers.
“We’re talking about lawfully authorized intercepts,” said Valerie E. Caproni,
general counsel for the Federal Bureau of Investigation. “We’re not talking
expanding authority. We’re talking about preserving our ability to execute our
existing authority in order to protect the public safety and national security.”
Investigators have been concerned for years that changing communications
technology could damage their ability to conduct surveillance. In recent months,
officials from the F.B.I., the Justice Department, the National Security Agency,
the White House and other agencies have been meeting to develop a proposed
solution.
There is not yet agreement on important elements, like how to word statutory
language defining who counts as a communications service provider, according to
several officials familiar with the deliberations.
But they want it to apply broadly, including to companies that operate from
servers abroad, like Research in Motion, the Canadian maker of BlackBerry
devices. In recent months, that company has come into conflict with the
governments of Dubai and India over their inability to conduct surveillance of
messages sent via its encrypted service.
In the United States, phone and broadband networks are already required to have
interception capabilities, under a 1994 law called the Communications Assistance
to Law Enforcement Act. It aimed to ensure that government surveillance
abilities would remain intact during the evolution from a copper-wire phone
system to digital networks and cellphones.
Often, investigators can intercept communications at a switch operated by the
network company. But sometimes — like when the target uses a service that
encrypts messages between his computer and its servers — they must instead serve
the order on a service provider to get unscrambled versions.
Like phone companies, communication service providers are subject to wiretap
orders. But the 1994 law does not apply to them. While some maintain
interception capacities, others wait until they are served with orders to try to
develop them.
The F.B.I.’s operational technologies division spent $9.75 million last year
helping communication companies — including some subject to the 1994 law that
had difficulties — do so. And its 2010 budget included $9 million for a “Going
Dark Program” to bolster its electronic surveillance capabilities.
Beyond such costs, Ms. Caproni said, F.B.I. efforts to help retrofit services
have a major shortcoming: the process can delay their ability to wiretap a
suspect for months.
Moreover, some services encrypt messages between users, so that even the
provider cannot unscramble them.
There is no public data about how often court-approved surveillance is
frustrated because of a service’s technical design.
But as an example, one official said, an investigation into a drug cartel
earlier this year was stymied because smugglers used peer-to-peer software,
which is difficult to intercept because it is not routed through a central hub.
Agents eventually installed surveillance equipment in a suspect’s office, but
that tactic was “risky,” the official said, and the delay “prevented the
interception of pertinent communications.”
Moreover, according to several other officials, after the failed Times Square
bombing in May, investigators discovered that the suspect, Faisal Shahzad, had
been communicating with a service that lacked prebuilt interception capacity. If
he had aroused suspicion beforehand, there would have been a delay before he
could have been wiretapped.
To counter such problems, officials are coalescing around several of the
proposal’s likely requirements:
¶ Communications services that encrypt messages must have a way to unscramble
them.
¶ Foreign-based providers that do business inside the United States must install
a domestic office capable of performing intercepts.
¶ Developers of software that enables peer-to-peer communication must redesign
their service to allow interception.
Providers that failed to comply would face fines or some other penalty. But the
proposal is likely to direct companies to come up with their own way to meet the
mandates. Writing any statute in “technologically neutral” terms would also help
prevent it from becoming obsolete, officials said.
Even with such a law, some gaps could remain. It is not clear how it could
compel compliance by overseas services that do no domestic business, or from a
“freeware” application developed by volunteers.
In their battle with Research in Motion, countries like Dubai have sought
leverage by threatening to block BlackBerry data from their networks. But Ms.
Caproni said the F.B.I. did not support filtering the Internet in the United
States.
Still, even a proposal that consists only of a legal mandate is likely to be
controversial, said Michael A. Sussmann, a former Justice Department lawyer who
advises communications providers.
“It would be an enormous change for newly covered companies,” he said.
“Implementation would be a huge technology and security headache, and the
investigative burden and costs will shift to providers.”
Several privacy and technology advocates argued that requiring interception
capabilities would create holes that would inevitably be exploited by hackers.
Steven M. Bellovin, a Columbia University computer science professor, pointed to
an episode in Greece: In 2005, it was discovered that hackers had taken
advantage of a legally mandated wiretap function to spy on top officials’
phones, including the prime minister’s.
“I think it’s a disaster waiting to happen,” he said. “If they start building in
all these back doors, they will be exploited.”
Susan Landau, a Radcliffe Institute of Advanced Study fellow and former Sun
Microsystems engineer, argued that the proposal would raise costly impediments
to innovation by small startups.
“Every engineer who is developing the wiretap system is an engineer who is not
building in greater security, more features, or getting the product out faster,”
she said.
Moreover, providers of services featuring user-to-user encryption are likely to
object to watering it down. Similarly, in the late 1990s, encryption makers
fought off a proposal to require them to include a back door enabling
wiretapping, arguing it would cripple their products in the global market.
But law enforcement officials rejected such arguments. They said including an
interception capability from the start was less likely to inadvertently create
security holes than retrofitting it after receiving a wiretap order.
They also noted that critics predicted that the 1994 law would impede cellphone
innovation, but that technology continued to improve. And their envisioned
decryption mandate is modest, they contended, because service providers — not
the government — would hold the key.
“No one should be promising their customers that they will thumb their nose at a
U.S. court order,” Ms. Caproni said. “They can promise strong encryption. They
just need to figure out how they can provide us plain text.”
WASHINGTON — The government's terrorist watch list has hit 1 million entries,
up 32% since 2007.
Federal data show the rise comes despite the removal of 33,000 entries last
year by the FBI's Terrorist Screening Center in an effort to purge the list of
outdated information and remove people cleared in investigations.
It's unclear how many individuals those 33,000 records represent — the center
often uses multiple entries, or "identities," for a person to reflect variances
in name spellings or other identifying information. The remaining million
entries represent about 400,000 individuals, according to the center.
The new figures were provided by the screening center and the Office of the
Director of National Intelligence in response to requests from USA TODAY.
"We're continually trying to improve the quality of the information," says
Timothy Edgar, a civil liberties officer at the intelligence director's office.
"It's always going to be a work in progress."
People put on the watch list by intelligence and law enforcement agencies can be
blocked from flying, stopped at borders or subjected to other scrutiny. About
95% of the people on the list are foreigners, the FBI says, but it's a source of
frequent complaints from U.S. travelers.
In the past two years, 51,000 people have filed "redress" requests claiming they
were wrongly included on the watch list, according to the Department of Homeland
Security. In the vast majority of cases reviewed so far, it has turned out that
the petitioners were not actually on the list, with most having been
misidentified at airports because their names resembled others on it.
There have been 830 redress requests since 2005 where the person was, in fact,
confirmed to be on the watch list, and further review by the screening center
led to the removal of 150, or 18% of them.
Without specific rules for who goes on the list, it's too bloated to be
effective, says Tim Sparapani, a lawyer with the American Civil Liberties Union.
A 2007 audit by the Government Accountability Office said more needed to be done
to ensure the list's accuracy, but still found that it has "enhanced the U.S.
government's counterterrorism efforts."
