WASHINGTON, USA - AUGUST 26: The Federal Bureau of Investigations headquarters in Washington, USA on August 26, 2016. (Photo by Samuel Corum/Anadolu Agency/Getty Images)
After 9/11, federal law enforcement and intelligence agencies were roundly criticized for failing to coordinate information that, in the aggregate, might have allowed the government to stop the attacks before they happened. Since then, the pendulum has swung in the opposite direction. The FBI has built a secretive and guarded intelligence operation, the tentacles of which stretch beyond its core task of domestic law enforcement and into the construction of the great American panopticon.
Despite the almost complete lack of transparency surrounding that effort, Forbes has uncovered two previously undisclosed units that sources say form crucial parts of the FBI's surveillance machinery. Known as the FBI Collections Operations Group and the FBI WiFi Group, they appear in virtually no public records. Google searches for the names return nothing. Not a single LinkedIn profile contains a reference to either. And with the unearthing of these two units, civil liberties activists, legal experts and even former intelligence analysts are crying foul about the possibility of widespread domestic surveillance occurring across America with zero oversight.
The COG in the machine
Forbes learned about the existence of the furtive Collections Operations Group (insiders call it "the COG") from the results of a Freedom of Information Act request filed with the FBI in 2017. That FOIA filing concerned a deal signed last year between tech contractor CDW Government and the Data Intercept Technology Unit (DITU, pronounced "dee-too") for $1.1 million in services. DITU, part of the Operational Technology Division in Quantico, Virginia, is one of the most clandestine divisions within the FBI, helping gather crucial data for investigations and intelligence. The OTD is the overarching body that oversees bleeding-edge tech development for the entire FBI.
The FBI confirmed to Forbes that the COG is a sub-unit within DITU. The agency refused to comment on the specific nature of the group and its operations. But there's some tantalizing new information nonetheless: according to the FOIA response, the COG's mission "is to provide tools, expertise and solutions to effect lawfully-authorized electronic surveillance of data communications on today's evolving local area network and internet technologies. The COG is responsible for the procurement, development and deployment of network equipment to assist in electronic surveillance to various field offices and OGAs."
OGA stands for "other government agency." As previously revealed in NSA files leaked by Edward Snowden in 2013 detailing the now-infamous PRISM espionage initiative, one of DITU's roles sees it collect data from technology and telecom companies (whether that's Facebook, Google, Microsoft or your phone and internet provider) before turning it over to intelligence agencies (which could be the DIA, CIA and NSA).
The COG is core to that intelligence sharing both within the FBI and outside the agency. Sources tell Forbes the COG is a go-between surveillance shop, setting up spy tools and associated networking across the FBI or whatever agency demands its services, and helping shift intel between them. Forbes spoke with multiple sources in the security and intelligence fields who claimed knowledge of DITU and its sub-units. All asked to remain anonymous.
"Think of it like this: it's a technical group that oversees technical capabilities so that when lawful requests are issued on providers, and the data they return needs to be analyzed, it can be converted to human-readable formats," said a person with knowledge of the COG. "Often, raw network data comes back in many forms and these teams work to make sure that the special agents and investigative teams can properly interpret the data."
What kinds of equipment does the COG build and deploy in order to capture data? Sources who previously worked in the national intelligence community say it was probably technology such as pole-mounted boxes that capture wireless network traffic, or devices installed at ISPs that vacuum up data.
As for the WiFi Group, it's another DITU sub-unit "responsible for the deployment and installation of communications equipment to support ongoing criminal, counter-terrorism and foreign counter-intelligence investigations," according to a FOIA response for another CDW contract. That 2014 deal, for unspecified surveillance equipment, was worth just $26,571.
"They make sure [investigators] can see the video they need to see and hear the audio they need to hear from afar," explained a source from the security industry. However, he believes the WiFi Group was less about providing the actual surveillance itself than "reliable communication" for the feeds bringing targets' data home. The group's remit therefore isn't limited to Wi-Fi links, but extends to whatever communications gear agents want help with. "They will 'tie in' the surveillance gear to a backhaul so that it can be monitored remotely by an agent," the source added. A former FBI agent confirmed those assertions were correct.
Civil liberty anxiety
It's easy to see why the FBI would want such capabilities. But, looking at the COG, cross-agency sharing of intelligence and surveillance resources conducted by a group unknown to the public (until now) has civil liberties folk worried.
"Unfortunately law enforcement agencies spying on their own citizens' communications is a trend that is steadily increasing around the world. When these groups operate in secret there is no way for the public to confirm that they are operating with all due legal restraint as required by their nation's laws," said Cooper Quintin, security researcher and technologist at the Electronic Frontier Foundation.
"There's far too much secrecy when it comes to the FBI's spying on Americans' internet activities. This surveillance has the potential to be very broad, putting large amounts of sensitive information in the hands of an agency responsible for domestic criminal investigations. Americans need to know more about the reach of this surveillance, how it affects them and how it is legally justified," added Patrick Toomey, staff attorney at the American Civil Liberties Union's National Security Project.
R u DITU?
Just how broad DITU's role in national surveillance has become in recent years has caused consternation. A Snowden leak from 2013, and an investigation by Foreign Policy, revealed it was the primary body helping collect data from major Silicon Valley companies on behalf of the NSA. Multiple sources described DITU to Forbes as the domestic face of U.S. intelligence when dealing with technology companies. And, as per its mission statement in the FOIA responses, "DITU is equipped with resources and personnel to provide assistance to the field by capturing all packet switched (internet) data and presenting it in its original format."
One former intelligence agency analyst who reviewed the information Forbes gathered on the COG and DITU said it appeared they were carrying out signals intelligence (SIGINT), the collection and analysis of traffic as it crosses the internet. This, intelligence geeks know, falls under the NSA's charter and is thus typically the domain of the NSA, not the FBI. (This may simply come down to semantics; SIGINT could apply to any form of data collection and analysis. Some disagree that the FBI is collecting and analyzing giant sets of internet data like other government intel agencies. As one source put it: "They are not doing hardcore, NSA-type SIGINT.")
The ex-intelligence analyst said one major concern around such surveillance was "parallel construction." FBI officers could obtain a warrant to intercept data during an investigation where the restrictions on what information can be taken are loose. That information could then be used in another probe, possibly by another intelligence agency, where the information collection rules are tighter. By that point, however, the data has already been acquired and shared across multiple investigative teams.
"The fact that the FBI operates in multiple spaces makes this SIGINT capability extremely concerning for civil rights," the ex-analyst said. "The concerns were much less when they had the wall between intel and law enforcement… Now that there's no 'wall' separating the two, you're left to trust that information gained from intelligence activities is not being used for law enforcement."
And there's more to worry about than parallel construction. "Simply making it easier to share this data and information also worries us as in this era of big data," Joseph Lorenzo-Hall, chief technologist at the Center for Democracy & Technology, told Forbes. "There are very few assurances that the data is protected well and won't essentially be used at some point in a panopticon-like mechanism that we're seeing in places like China, where every little detail controls opportunities available to certain segments of society."
To stick to the letter of the law, government agencies must obtain court approval prior to spying on targets in a criminal investigation, whether or not that investigation is borne on the back of snooping in another probe. "To put it conceptually, the government needs to have shown probable cause to obtain the court's approval for each criminal investigation it is conducting against the individual," said a legal representative for a major technology company.
To get that data in the first place, DITU has had to form special partnerships with technology companies and telecoms providers. The Snowden leaks already showed DITU played a key role in the NSA's PRISM initiative, which scooped up information from Silicon Valley companies like Apple, Google and Microsoft, to name a few. Sources said DITU's "longstanding relationships" with telecoms companies, in particular Verizon, were even tighter, providing easier access to citizens' data. Verizon declined to comment for this article.
Where smaller companies don't have the ability to collect the data DITU wants, the unit's tech specialists work with the provider to develop a solution. That assistance can come in the form of a port reader, a technology previously described in the Foreign Policy report on DITU. Former FBI sources said the port reader would sift through information and take only what the feds were allowed, as per a warrant. The solution is only temporary, a former FBI employee said, and the filters are installed when a warrant comes in and removed when the relevant information is acquired.
Whatever the ethical quandaries at play, the nature of DITU and its sub-units' work is, on the face of it, entirely legal. "It's certainly true that pursuant to law, the bureau can and does collect a broad range of metadata for use in both criminal cases and domestic intelligence work," said Daniel Richman, professor of law at Columbia Law School. Richman is a confidant of former FBI director James Comey, as revealed last year when Richman leaked memos detailing conversations Comey had with President Trump.
Richman added: "And pursuant to warrants, it has engaged in various network exploitations, what some call 'legal hacking'. Whether or not you call that collection SIGINT, the Bureau is the primary domestic intelligence agency."
The FBI declined to comment for this article.