EFF: FBI should release surveillance justification document

The digital rights group asks an appeals court to force the release of a surveillance legal opinion

The U.S Federal Bureau of Investigation should make public a legal opinion it used to justify a past telephone records surveillance program because other agencies may still be relying on the document for surveillance justifications, the Electronic Frontier Foundation argued in court Tuesday.

EFF lawyer Mark Rumold asked a three-judge panel of the U.S. Court of Appeals for the District of Columbia Circuit to order the FBI to disclose a 2010 legal opinion from the U.S. Department of Justice's Office of Legal Counsel, telling the judges that the OLC report amounts to final policy that agencies are required to disclose under open-records law. The EFF filed a Freedom of Information Act request for the OLC opinion in February 2011 and later filed a lawsuit after the DOJ rejected its request.

The FBI telephone surveillance program, which operated from 2003 to 2007, isn't directly related to a controversial U.S. National Security Agency telephone records collection program disclosed by former NSA contractor Edward Snowden earlier this year. However it's possible for other surveillance agencies to use the OLC opinion to justify their surveillance programs going forward, Rumold said after the hearing. It doesn't appear that the OLC limited its opinion to the FBI, he said.

It's important to make the opinion public because it shows "the blossoming of secret surveillance law," he said.

The OLC opinion gives the FBI authority to obtain private call records in some cases without legal process or an emergency, the FBI has said. The agency, facing a DOJ inspector general's investigation into its surveillance practices, requested the OLC opinion in late 2009. The January 2010 DOJ inspector's report found that the FBI was requesting telephone records from employees of three carriers embedded with the agency through a variety of informal methods outside court approval, including telephone calls and Post-it notes.

At Tuesday's court hearing, DOJ lawyer Daniel Tenny argued that the OLC opinion didn't provide final FBI policy, but instead gave the DOJ subagency advice on how to make its own rules. Thus, the OLC opinion was part of an internal deliberation that agencies aren't required to disclose under open-records law, he told the judges.

The FBI can make the argument, "You're telling us we have the ability to do this," he said. "We may choose to do something else."

After the OLC memo, there's no evidence the FBI continued the surveillance, he added,

But Rumold argued that the OLC, in this case, was acting as the voice of Attorney General Eric Holder and there was little additional policy left for the FBI to implement. The OLC was "deciding concrete issues," he said, and those final decisions of agencies are subject to open-records requirements.

The three judges asked pointed questions of both sides but Judges David Sentelle and Harry Edwards seemed at times skeptical of the EFF's argument. "It's all a matter of advice," not a binding decision, Sentelle said.

In order for the EFF to win the case, it may need to prove the FBI adopted the OLC decision as its rules, Edwards added. "It is not necessarily conclusive when OLC does something like this, that it is the law," he said.

But Edwards also questioned Tenny about whether the FBI adopted the OLC's advice in arguing that it supported its past surveillance practices. In some other cases, DOJ legal opinions have had the force of law on agency practices, but in those cases, there was a direct impact on the public, Tenny said.

Edwards said the surveillance programs also have a direct impact on the public. "This is law being applied to the public," he said. "Those who are complaining about what's being done are asking for the justification."

It's important for the OLC decision to be made public so that U.S. residents and lawmakers can better debate U.S. surveillance programs, Rumold said after the hearing.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the CSO newsletter!

Error: Please check your email address.

Tags telecommunicationMark RumoldU.S Federal Bureau of InvestigationCivil lawsuitsU.S. National Security AgencyEric HolderU.S. Court of Appeals for the District of Columbia CircuitinternetprivacyDavid SentelleElectronic Frontier FoundationHarry EdwardssecurityEdward SnowdenlegalgovernmentDaniel TennyU.S. Department of Justice

More about CounselDepartment of JusticeDOJEFFElectronic Frontier FoundationFBIFederal Bureau of InvestigationIDGNational Security AgencyNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place