Through Error, F.B.I. Gained Unauthorized Access to E-Mail
WASHINGTON - A technical glitch gave the F.B.I. access to the e-mail messages from an entire computer network - perhaps hundreds of accounts or more - instead of simply the lone e-mail address that was approved by a secret intelligence court as part of a national security investigation, according to an internal report of the 2006 episode.
F.B.I. officials blamed an "apparent miscommunication" with the unnamed Internet provider, which mistakenly turned over all the e-mail from a small e-mail domain for which it served as host. The records were ultimately destroyed, officials said.
Bureau officials noticed a "surge" in the e-mail activity they were monitoring and realized that the provider had mistakenly set its filtering equipment to trap far more data than a judge had actually authorized.
The episode is an unusual example of what has become a regular if little-noticed occurrence, as American officials have expanded their technological tools: government officials, or the private companies they rely on for surveillance operations, sometimes foul up their instructions about what they can and cannot collect.
The problem has received no discussion as part of the fierce debate in Congress about whether to expand the government's wiretapping authorities and give legal immunity to private telecommunications companies that have helped in those operations.
But an intelligence official, who spoke on condition of anonymity because surveillance operations are classified, said: "It's inevitable that these things will happen. It's not weekly, but it's common."
A report in 2006 by the Justice Department inspector general found more than 100 violations of federal wiretap law in the two prior years by the Federal Bureau of Investigation, many of them considered technical and inadvertent.
Bureau officials said they did not have updated public figures but were preparing them as part of a wider-ranging review by the inspector general into misuses of the bureau's authority to use so-called national security letters in gathering phone records and financial documents in intelligence investigations.
In the warrantless wiretapping program approved by President Bush after the Sept. 11 terrorist attacks, technical errors led officials at the National Security Agency on some occasions to monitor communications entirely within the United States - in apparent violation of the program's protocols - because communications problems made it difficult to tell initially whether the targets were in the country or not.
Past violations by the government have also included continuing a wiretap for days or weeks beyond what was authorized by a court, or seeking records beyond what were authorized. The 2006 case appears to be a particularly egregious example of what intelligence officials refer to as "overproduction" - in which a telecommunications provider gives the government more data than it was ordered to provide.
The problem of overproduction is particularly common, F.B.I. officials said. In testimony before Congress in March 2007 regarding abuses of national security letters, Valerie E. Caproni, the bureau's general counsel, said that in one small sample, 10 out of 20 violations were a result of "third-party error," in which a private company "provided the F.B.I. information we did not seek."
The 2006 episode was disclosed as part of a new batch of internal documents that the F.B.I. turned over to the Electronic Frontier Foundation, a nonprofit group in San Francisco that advocates for greater digital privacy protections, as part of a Freedom of Information Act lawsuit the group has brought. The group provided the documents on the 2006 episode to The New York Times.
Marcia Hofmann, a lawyer for the privacy foundation, said the episode raised troubling questions about the technical and policy controls that the F.B.I. had in place to guard against civil liberties abuses.
"How do we know what the F.B.I. does with all these documents when a problem like this comes up?" Ms. Hofmann asked.
In the cyber era, the incident is the equivalent of law enforcement officials getting a subpoena to search a single apartment, but instead having the landlord give them the keys to every apartment in the building. In February 2006, an F.B.I. technical unit noticed "a surge in data being collected" as part of a national security investigation, according to an internal bureau report. An Internet provider was supposed to be providing access to the e-mail of a single target of that investigation, but the F.B.I. soon realized that the filtering controls used by the company "were improperly set and appeared to be collecting data on the entire e-mail domain" used by the individual, according to the report.
The bureau had first gotten authorization from the Foreign Intelligence Surveillance Court to monitor the e-mail of the individual target 10 months earlier, in April 2005, according to the internal F.B.I. document. But Michael Kortan, an F.B.I. spokesman, said in an interview that the problem with the unfiltered e-mail went on for just a few days before it was discovered and fixed. "It was unintentional on their part," he said.
Mr. Kortan would not disclose the name of the Internet provider or the network domain because the national security investigation, which is classified, is continuing. The improperly collected e-mail was first segregated from the court-authorized data and later was destroyed through unspecified means. The individuals whose e-mail was collected apparently were never informed of the problem. Mr. Kortan said he could not say how much e-mail was mistakenly collected as a result of the error, but he said the volume "was enough to get our attention." Peter Eckersley, a staff technologist for the Electronic Frontier Foundation who reviewed the documents, said it would most likely have taken hundreds or perhaps thousands of extra messages to produce the type of "surge" described in the F.B.I.'s internal reports.
Mr. Kortan said that once the problem was detected the foreign intelligence court was notified, along with the Intelligence Oversight Board, which receives reports of possible wiretapping violations.
"This was a technical glitch in an area of evolving tools and technology and fast-paced investigations," Mr. Kortan said. "We moved quickly to resolve it and stop it. The system worked exactly the way it's designed."
© 2008 The New York Times