A recent internal audit by the FBI Office of Internal Auditing (OIA) has revealed that the Federal Bureau of Investigation performed thousands of queries on the digital data of U.S. citizens in 2021 and 2022, despite the lack of a warrant or proper justification as per the agency’s own rules.
The Foreign Intelligence Surveillance Act of 1978 (FISA) allows the government to amass electronic data, including text messages, phone calls, and emails, from foreign individuals abroad. This can inadvertently encompass communications that involve U.S. citizens. These amassed data sets can then be searched by U.S. agencies as part of national security investigations.
As per the regulations approved by the FISA court, a search involving a U.S. citizen must meet three critical criteria: the retrieval of foreign intelligence or criminal evidence must be the goal, the search should be reasonably designed to avoid unnecessary retrieval of irrelevant information, and there must be a specific factual foundation suggesting that it’s likely to retrieve foreign intelligence or evidence of a crime.
The audit, released on May 10, revealed that these criteria were not met 4 percent of the time between July 1, 2021, and March 31, 2022. The most common error identified was a lack of sufficient justification for the search.
An additional FBI report indicated that the agency conducted over 204,000 FISA queries on U.S. citizens in 2022. With a 4 percent noncompliance rate, this translates to over 8,000 instances where the FBI acquired digital communications of Americans without a warrant and without proper justification as per FISA Court rules.
The audit followed procedural changes for FISA queries implemented by FBI Director Christopher Wray in 2021 and 2022. The agency had previously been criticized due to “widespread violations” of the rules found by the FISA Court, including unjustified searches of communications involving journalists, political commentators, government officials, and even a member of Congress.
Notably, the inception of FISA was a reaction to unwarranted surveillance of U.S. citizens during the Nixon administration.
Despite revealing unsettling violations, the audit also showed considerable improvements compared to the period from April 1, 2020, to March 31, 2021, which recorded an 18 percent noncompliance rate. During that period, out of 3.4 million FISA queries involving U.S. citizens, approximately 612,000 were executed in violation of one or more rules.
However, despite the decline in FISA queries and improvements in compliance rates, these changes have not appeased all privacy advocates. Elizabeth Goitein, co-director of the Liberty and National Security Program at the Brennan Center for Justice, argued via Twitter that even with a 100 percent compliance rate, the government should not have the ability to access Americans’ communications without a warrant. “With a baseline of 8,000 violations per year, there can be no question that a warrant is needed to protect Americans’ fundamental rights.”
In response to the audit findings, the OIA suggested further adjustments to the FISA data querying procedures. Recommendations include enhancing the FISA query compliance monitoring program, insisting that all users complete necessary training before access to raw FISA data is granted, and implementing system modifications to alert users of errors while entering data.