On Monday, the Justice Department published a kind of best-hits list trumpeting what it accomplished in the year since Sept. 11, 2001. Excerpts follow. -Declan --- http://www.politechbot.com/docs/doj.accomplishments.090902.doc J u s t i c e D e p a r t m e n t A c c o m p l i s h m e n t s i n t h e W a r on T e r r o r i s m The Shift from Investigation to Prevention - FBI: $412 million in additional funds as follows: $223 million to increase intelligence and surveillance capabilities, response capabilities, and additional equipment and support personnel; $109 million to enhance various FBI information technology projects, including digital storage of documents, data management and warehousing, collaborative capabilities, IT support for Legal Attaches, continuity of operations, video teleconferencing capabilities, and Trilogy support and mainframe data center upgrades; and $78 million to harden FBI information systems against inappropriate and illegal use and intrusion, and to conduct background investigations. The total proposed FY 2003 budget for the FBI ($4.3 billion) is a 19% increase over FY 2002 ($3.6 billion pre-CT Supplemental). With these increases, the FBI budget has increased by almost one-third over the past two years (29%). · State and Local Anti-Terrorism Training (SLATT) Program Has Provided Assistance to Law Enforcement Authorities. The State and Local Anti-Terrorism Training (SLATT) Program, administered by OJP’s Bureau of Justice Assistance, provides training and technical assistance on pre-incident preparation and preparedness to state and local law enforcement administrators and prosecution authorities. SLATT works in close cooperation with the FBI’s National Security Division Training Unit, delivering specialized executive, investigative, intelligence, and officer safety training. · May 29, 2002: The FBI Announced Ten Reshaped Priorities Which Focus First on Preventing Terrorist Attacks: 1) Protect the United States from terrorist attack 2) Protect the United States against foreign intelligence operations and espionage 3) Protect the United States against cyber-based attacks and high technology crimes 4) Combat public corruption at all levels 5) Protect civil rights 6) Combat transnational and national criminal organizations and enterprises 7) Combat major white-collar crime 8) Combat significant violent crime 9) Support federal, state, local and international partners 10) Upgrade technology to successfully perform the FBI’s mission · Enhanced Terrorist Surveillance Procedures (USA PATRIOT Act, Title II): - Adds terrorism crimes to the list of offenses for which wiretap orders are available, also makes wiretap orders available to investigate computer fraud. The wiretap statute authorizes the government to seek a court order to intercept communications relating to a list of enumerated crimes. Previously that list did not include a number of offenses that terrorists are likely to commit. The offenses added under Section 201 include chemical weapons offenses, killing United States nationals abroad, using weapons of mass destruction, and providing material support to terrorist organizations. Section 202 expands the availability of wiretaps to include communications that could reveal evidence of felonious computer fraud. This provision enables law-enforcement personnel to gather information about attacks on computer systems, which sophisticated international terrorist organizations are capable of planning. (Section 201 and 202: Authority to Intercept Wire, Oral, and Electronic Communications Relating to Terrorism) - Allows law-enforcement personnel to share grand-jury and wiretap information regarding foreign intelligence with various other federal officers without first obtaining a court order, including law-enforcement, intelligence, protective, immigration, national-defense, and national-security personnel. Previous law sharply limited the ability of law-enforcement personnel to share investigative information, and hampered terrorism investigations. Section 203 establishes a general rule that, notwithstanding any other provision of law, federal law-enforcement personnel may share foreign-intelligence information with intelligence, protective, immigration, national-defense, and national-security personnel. The Department has regularly utilized this authority to share information in connection with its terrorism investigation, and the Attorney General is finalizing procedures to institutionalize such cooperation. (Section 203: Authority to Share Criminal Investigative Information) Authorizes the Director of the FBI to hire translators to support counter-terrorism operations, without regard to federal personnel limitations. The Department regularly utilizes this expanded authority, with great results in improving the efficiency and efficacy of intelligence operations. (Section 205: Employment of Translators by the Federal Bureau of Investigation) - Improves the ability of law-enforcement officers to enlist the help of third parties, such as landlords, in conducting court-ordered surveillance. Foreign Intelligence Surveillance Act (“FISA”) permitted the government to require certain third partiesincluding common carriers, landlords, and custodiansto assist in conducting court-ordered surveillance. However, previous law did not allow law-enforcement personnel to seek the assistance of a third party unless the FISA court has issued an order specifically naming him, which required repeated trips to court, wasting valuable time and resources. Section 206 allows law-enforcement officers to enlist the help of a newly discovered third party by presenting him with a generic court order. This enhances the government’s ability to monitor international terrorists and intelligence officers who are trained to thwart surveillance by rapidly changing hotel accommodations, cell phones, and internet accounts, just before important meetings or communications. (Section 206: Roving Surveillance Authority Under the Foreign Intelligence Surveillance Act of 1978) - Increases the length of surveillance and search orders granted by court. Under previous law, the Foreign Intelligence Surveillance Court could only authorize investigations of foreign powers’ employees for up to 45 days. This required law-enforcement personnel to waste valuable time and resources renewing court orders. Section 207 permits the FISA court to authorize physical searches and electronic surveillance of foreign powers’ employees for up to 120 days (other persons could be searched / surveilled for 90 days) and further authorizes search / surveillance orders to be extended for periods of up to one year. Section 207 would apply only to foreign nationals. (Section 207: Duration of FISA Surveillance of Non-United States Persons Who Are Agents of a Foreign Power) - Expedite seizure of voice-mail. Previous law applied different standards to the seizure of unopened emails stored in a computer and unopened voice-mail messages stored with a service provider. The government can obtain unopened emails by obtaining a search warrant, but needed a wiretap order to get unopened voice-mail messages from a service provider. Section 209 treats unopened voice-mail like unopened email, requiring that a search warrant be used. This expedites seizure of voice-mail, and abolishes the current anomalous distinction between voice and data. Section 209 preserves officers’ ability under current law to obtain opened messages through a subpoena. (Section 209: Seizure of Voice-Mail Messages Pursuant to Warrants) - Authorizes investigators to subpoena information about an internet user’s “temporarily assigned network address” (the internet equivalent of a telephone number), as well as billing records. Under previous law, the government could issue an administrative subpoena to electronic communications providers that required them to disclose a small class of records, including a customer’s name, address, length of service, and long-distance telephone billing records. All other recordsincluding those relating to the internet, which increasingly is terrorists’ preferred method of communicatingcould be obtained only through the cumbersome court-order process. In fast-moving terrorist investigations, the delay can be significant. Internet communications often are a critical method of identifying conspirators and determining the source of the attacks. This provision authorizes investigators to subpoena information about an internet user’s “temporarily assigned network address,” as well as their billing records. Speedy acquisition of this information could identify a perpetrator and link an individual terrorist to a larger organization. Section 210 satisfies a vital law-enforcement need with only a minimal intrusion on privacy interests; it would not allow the government to obtain records of a user’s browsing activity. (Section 210: Scope of Subpoenas for Records of Electronic Communications) - Cable companies subject to the same rules as other internet providers. Many cable companies have begun to provide Internet and telephone service, and some companies have refused to comply with search warrants or subpoenas for records of their customers’ telephone and Internet use citing the Cable Act’s restrictions. Section 211 clarifies that statutes governing telephone and Internet communications (and not the burdensome provisions of the Cable Act) apply to cable companies that provide Internet or telephone service in addition to television programming. Section 211 clarifies that when a cable company acts as a telephone company or an Internet service provider, it must comply with the same disclosure laws that apply to any other telephone company or Internet service provider. (Section 211: Clarification of Scope) - Allows communication providers to voluntarily disclose content of subscribers’ communications in emergencies that threaten death or serious bodily injury. Previous law did not allow communications providers to disclose the content of their subscribers’ communications in emergencies that threaten death or serious bodily injury and even though providers could disclose content to protect their rights and property, they could not in the same circumstances disclose non-content records (such as a subscriber’s login records). The law thus prevented communications providers from acting quickly to prevent imminent terrorist or other criminal activity, and hindered their ability to protect themselves from cyber-terrorists and -criminals. This section authorizes a provider to disclose its customers’ communications if it believes that an emergency threatens death or serious injury. Immediate disclosure is critical, because there may be no time to obtain process. Section 212 protects customers’ privacy interests because it merely allows, rather than requires, providers to disclose communications; the government cannot compel the disclosure of records. Section 212 also clarifies that providers voluntarily may disclose both content and non-content records to protect their computer systems, protecting the infrastructures. In one example, this provision was used to investigate a threat against a high school in Canada, where authorities obtained disclosure information from an internet service provider in the United States and identified the perpetrator, who confessed to the threat. (Section 212: Emergency Disclosure of Electronic Communications to Protect Life and Limb) - Eases the legal requirements of law-enforcement officials to obtain court permission for pen/trap orders in international terrorism investigations. Previously, FISA authorized pen register / trap and trace orderswhich enable law enforcement to collect non-content information about a communicationin investigations to gather foreign-intelligence information or information about international terrorism. In contrast to the wiretap statute, FISA requires government personnel to certify, not just that the information they seek is relevant, but that the device to be monitored has been used to contact a foreign agent engaged in international terrorism. Under section 214, the government can more easily obtain a pen / trap order in investigations intended to protect against international terrorism or “clandestine intelligence activities.” Pen / trap orders would be available if the information to be obtained, or the device to be tapped, is relevant to an international-terrorism investigation. This provision clarifies that the government may not gather information from a United States individual’s protected First Amendment activities. (Section 214: Pen Register and Trap and Trace Authority Under FISA) - Allows law-enforcement officials to more easily obtain business records in international terrorism cases. Previously, FISA made it extremely difficult for law-enforcement personnel to obtain business records in connection with a foreign-intelligence investigation. Section 215 authorized certain law-enforcement personnel to apply to the FISA court for an order requiring the production of any tangible thing. The application must certify that the records are sought as part of an investigation of international terrorism or “clandestine intelligence activities.” A United States person cannot be investigated on the basis of First Amendment protected activities. (Section 215: Access to Records and Other Items Under the Foreign Intelligence Surveillance Act) - Authorizes courts to grant pen/trap orders in relation to the Internet, and makes the order effective anywhere in the United States. Pen registers and trap and trace devices enable law-enforcement personnel to collect non-content information associated with communication. They do not allow officers to eavesdrop on the conversation; they only reveal which numbers are dialed by, or received by, a particular telephone. Law enforcement may use pen registers and trap and trace devices only by obtaining a court order. Under previous law, such orders were valid only in the issuing court’s jurisdiction, and it was unclear whether pen registers and trap and trace devices could be used to track internet communications. This provision authorizes courts to grant orders that are valid “anywhere within the United States,” ensuring law-enforcement officials no longer have to apply for new orders each time their investigation leads them to another jurisdiction. Section 216 clarifies that the pen/trap provisions apply to facilities other than telephone lines, such as the internet. This enables law enforcement to trace terrorists’ communications regardless of the media they use. Law enforcement officials may not eavesdrop on the content of a communication, and this provision does not lower the standard courts use in deciding whether to issue a pen/trap order. The Department has issued guidance clearly delineating departmental policy regarding the avoidance of “overcollection,” i.e., the collection of “content” in the use of pen registers or trap and trace devices governed by the statute. (Section 216: Modification of Authorities Relating to Use of Pen Registers and Trap and Trace Devices) - Allows computer victims of hackers to request government assistance in monitoring and apprehending trespassers. The wiretap statute previously prevented government assistance when victims of computer trespassing request help in monitoring unauthorized attacks. Section 217 allows victims of computer attacks to authorize persons “acting under color of law” to monitor trespassers on their computer systems in a narrow class of cases. Section 217 thus helps place cyber-intruders on the same footing as physical intruders: victims can seek law-enforcement assistance in combating hackers just as burglary victims can invite police officers into their homes to catch burglars. Section 217 does not authorize law-enforcement authorities to intercept the communications of legitimate computer users. (Section 217: Interception of Computer Trespasser Communications) - Increases availability of searches and surveillance under FISA. Under previous law, law-enforcement personnel who applied for electronic surveillance or physical searches under FISA were required to certify that “the” primary purpose of their investigation was to gather foreign intelligence. This required officers constantly to monitor the relative weight of their investigations’ criminal and intelligence purposes. Section 218 clarified that the government may conduct FISA surveillance or searches if foreign-intelligence gathering is “a significant” purpose of the investigation. This change reduces officers’ need to evaluate whether their investigations have predominantly criminal or intelligence purposes, and allows increased collaboration between law-enforcement and intelligence personnel. The Department has implemented, and continues to refine, procedures to effectuate this provision. (Section 218: Foreign Intelligence Information) - Allows law-enforcement officials to obtain a search warrant anywhere a terrorist-related activity occurred. Rule 41(a) of the Federal Rules of Criminal Procedure required law-enforcement personnel to obtain a search warrant in the district where they intend to conduct a search. Terrorism investigations often span a number of districts, and officers therefore must obtain multiple warrants in multiple jurisdictions, creating unnecessary delays. Section 219 provides that warrants can be obtained in any district in which terrorism-related activities occurred, regardless of where they will be executed. This provision does not change the standards governing the availability of a search warrant, but streamlines the search-warrant process. (Section 219: Single-Jurisdiction Search Warrants for Terrorism) - Allows a court, which has jurisdiction over the offense being investigated, to compel the release of stored communications by issuing a search warrant valid anywhere in the United States. Under previous law, the government had to use a search warrant if it wished to obtain unopened email from a service provider. But a court sitting in one jurisdiction is not able to issue a warrant that is valid in another jurisdiction. This requirement unnecessarily delays officers’ access to critical information. Section 220 allows a court, which has jurisdiction over the offense being investigated, to compel the release of stored communications by issuing a search warrant that is valid anywhere in the United States. Section 220 would not dilute the substantive standards governing a search warrant’s availability. (Section 220: Nationwide Service of Search Warrants for Electronic Evidence) - Provides the President with flexibility to impose certain trade sanctions. The previous law prohibited the President from imposing unilateral agricultural and medical sanctions against foreign entities and governments. Section 221 made an exception for sanctions on devices that could be used to develop missiles or other weapons of mass destruction. It also expanded the President’s ability to restrict exports to the Taliban, or the portions of Afghanistan controlled by the Taliban. In addition, section 221 of possible terrorist activity. ü November 13, 2001, Attorney General Directive to Designate an Official to Share Information Regarding Terrorist Investigations with State and Local Law Enforcement Officials: Directed each U.S. Attorney to designate a Chief Information Officer (CIO) in order to centralize the process by which information relevant to the investigation and prosecution of terrorists can be shared with state and local officials. In addition, directed each CIO of the district to solicit suggestions from state and local officials on the best way to disseminate information in the district and to establish communications protocols for information sharing. ü November 13, 2001, Attorney General Directive to Makes Counterterrorism Training Available to Local Law Enforcement Participants in the Anti-Terrorism Task Forces: Issued to the Assistant Attorney General for the Office of Justice Programs, the Directors of the Office of Community Oriented Policing Services and the Office of Intergovernmental Affairs, and all United States Attorneys. This directive required training similar to that of the Anti-Terrorism Coordinators be made available to local law enforcement participants in the ATTFs either at the National Advocacy Training Center in Columbia, South Carolina, or through remote training at the 94 United States Attorneys’ offices. ü April 11, 2002, Attorney General Directive to Institutionalize Information Sharing Efforts Through Shared Databases: Issued to the Deputy Attorney General, the Assistant Attorneys General for the Criminal Division and the Office of Legal Policy, the Commissioner of INS, the Administrator of the DEA, and the Directors of the FBI, the Executive Office of United States Attorneys, the Marshals Service, and the Foreign Terrorist Tracking Task Force. The directives included expanding terrorist information in law enforcement databases, coordinating foreign terrorist information with the Department of Defense and foreign law enforcement agencies, improving information coordination with state and local partners through the development of a secure but unclassified web-based system, and the standardizing of the procedures for the sharing of foreign intelligence and counterintelligence information obtained as part of a criminal investigation with relevant federal officials. · Investigative Guidelines: Implemented New Guidelines to Help Conduct Investigations Capable of Preventing Terrorist Attacks. The new guidelines reflect the Attorney General’s mission for the Justice Department’s war on terror: to neutralize terrorists before they are able to strike. The revised guidelines create new information- and intelligence-gathering authorities to detect terrorist plots, and strengthen existing provisions to promote effective intervention to foil terrorists’ plans. Now they are poised for prevention. The Attorney General, on May 30, 2002, released four guidelines, including: - General Crimes, Racketeering and Terrorism Investigations - FBI Undercover Operations - Confidential Informants - Lawful, Warrantless Monitoring of Verbal Communications ü The Guidelines Allow the FBI to Work to Prevent Crimes, Rather than Just Investigating Past Crimes. The previous guidelines generally barred the FBI from taking the initiative to detect and prevent future crimes, unless it learned of possible criminal activity from external sources. As a result, the FBI was largely confined to a reactive role. - Authorizing the FBI to Have Normal Public Access to Public Places. Under the old guidelines, FBI field agents were inhibited from visiting public places, which are open to all other citizens. Agents avoided them not because they were barred by the Constitution, or any federal statute, but because of the lack of clear authority under administrative guidelines issued decades ago. The new guidelines clarify that FBI field agents may enter any public place that is open to other citizens, unless they are prohibited from doing so by the Constitution or federal statute, for the specific purpose of detecting or preventing terrorist activities. The guidelines do not, and cannot, nullify any existing Constitutional or statutory duty to obtain judicial approval as required to conduct their surveillance or investigations. - Enhances Information-Gathering Ability, Allows General Internet Searches and Commercial Research Data. In the past, there was no clear basis for conducting online research for counterterrorism purposeseven of publicly available informationexcept when investigating a specific case. For example, FBI agents could not conduct online searches to identify websites in which bomb-making instructions or plans for cyberterrorism are openly traded and disseminated. The new guidelines strengthen the FBI’s intelligence-gathering capabilities by expressly stating that agents may engage in online research, even when not linked to an individual criminal investigation. They also authorize the FBI to use commercial data mining services to detect and prevent terrorist attacks, independent of particular criminal investigations. - Allows FBI Field Agents to Use Information Collected in the Earliest Stages To Investigate Groups Suspected of Terrorism. Under the old Guidelines, preliminary inquirieswhere agents gather information before enough evidence has been uncovered to merit an outright investigationcould be used only to determine whether there was enough evidence to justify investigating an individual crime. They could not be used to determine whether to open a broader investigation of groups involved in terrorism (i.e., “terrorism enterprise investigations”). The FBI will be able to use preliminary inquiries to determine whether to launch investigations of groups involved in terrorism (i.e., “terrorism enterprise investigations”). - Expanding the Scope and Duration of Investigations, and Easing Red Tape for FBI Field Agents. The previous guidelines impeded the effective use of criminal intelligence investigations (i.e., investigations of criminal enterprises) by imposing limits on the scope of such investigations, short authorization periods, and burdensome approval and renewal requirements. The guidelines now expand the scope of criminal intelligence investigations, lengthen their authorization periods, and ease the approval and renewal requirements. This flexibility enhances the FBI’s terrorism-preventing function and helps the agents in the field. ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ ------------------------------------------------------------------------- Like Politech? Make a donation here: http://www.politechbot.com/donate/ Recent CNET News.com articles: http://news.search.com/search?q\clan CNET Radio 9:40 am ET weekdays: http://cnet.com/broadband/0-7227152.html -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Sep 09 2002 - 22:23:46 PDT