The administration “failed to conduct a comprehensive legal analysis” of three NSA-style bulk data collection programs, according to the Justice Department Inspector General.
The Drug Enforcement Administration skirted numerous legal checks on a trio of bulk data collection programs dating back to the early 1990s, according to an internal watchdog.
In a heavily redacted, 144-page report published Thursday, the Justice Department Inspector General revealed the administration failed to fully assess the legal basis for three massive international surveillance operations that ran largely unchecked from 1992 to 2013. Two of the programs remain active in some form today.
Under one initiative, which investigators called “Program A,” the administration used “non-target specific” subpoenas to force multiple telecom providers to provide metadata on every phone call made from the U.S. to as many as 116 countries with “a nexus to drugs.” Investigators found some companies also provided the officials with data on all calls made between those foreign countries.
The administration also conducted two other bulk surveillance programs during that time without assessing their legality, investigators found. Under “Program B,” officials used similarly sweeping subpoenas to collect information on anyone who purchased specific products from participating vendors. Through “Program C,” DEA purchased telephone metadata for targets of ongoing investigations through a contractor for a separate government agency.
Program B ran from 2008 to 2013, and Program C began in 2007 and remains active today, according to the IG.
Investigators found the administration “failed to conduct a comprehensive legal analysis” of actions under all three programs. Previous court rulings have called into question the use of the sweeping subpoenas under programs A and B, they said. According to the report, the FBI also raised concerns about the legality of the operations.
“We also found the absence of a robust legal review troubling because the DEA utilized the bulk data collected ... on an unknown number of occasions in support of investigations by non-DEA federal agencies that had no apparent connection to specific drug investigations,” the IG added. “This utilization raised significant legal questions” because the administration justified its actions by saying the information “was ‘relevant or material’ to a drug investigation.”
The administration also never clearly determined whether its existing subpoena authority extended to the data provided through Program C, investigators said. The IG also found proof that DEA officials exploited certain investigative practices to keep prosecutors from sharing evidence with defendants.
DEA significantly scaled back Program A after Edward Snowden revealed the existence of similar sweeping surveillance programs at the National Security Agency, according to investigators. In 2014, the administration started subpoenaing metadata on calls made from phone numbers specifically tied to federal investigations. This more narrow surveillance program remains active today, the IG said.
Under target-specific data collection operations, DEA officials must provide “reasonable articulable suspicion" that the target is involved in drug activity, but investigators found there were few safeguards to ensure they did so. The administration set no specific standards of proof for issuing subpoenas, and officials often justified data collection using “generic” and “cursory” explanations, the IG found.
“The information provided [in subpoena documents] often lacks specificity sufficient to establish the particularized facts or basis for connecting the target number to a drug investigation, even if such review had occurred,” investigators said. They added the administration’s auditing process also did little to assess the relevance of the subpoenas it issued.
Additionally, the DEA lacked any policies governing how long data collected under Program B could be stored, according to the IG. The information still resides on its servers today, and officials have no final plan for getting rid of it, investigators said.
The IG began reviewing DEA’s bulk data collection programs in 2013, but according to investigators, the administration “took many actions that hindered the OIG's access to information available to it that the OIG was plainly authorized to obtain.”
Though the programs have been largely curtailed or discontinued altogether, investigators noted there’s nothing to prevent the administration from launching similar operations in the future. The IG made 16 recommendations that would help ensure future programs are conducted “appropriately and consistently with the law … civil rights and civil liberties.”
“DEA is committed to ensuring its practices comply with all Department of Justice policies and procedures and continue to be vetted through a rigorous legal review,” DEA Spokesperson Katherine Pfaff said in a statement to Nextgov. “The DEA agrees with the OIG’s recommendation ... and has already begun enhancing these processes.”