Watchdog says agency did not follow guidance on subpoenas for “bulk” collections.
The Drug Enforcement Administration over the past decade used its subpoena power to collect bulk telecommunications data during investigations but failed to follow legal protocol for protecting citizen privacy rights, a watchdog found.
The Justice Department inspector general’s office, in a Thursday report redacted to mask “law enforcement sensitive” information, examined three programs the agency uses for “bulk collections” of communications data that are “unrelated to an individual, group, or entity that is the target of an investigation.”
U.S. Code Title 21 Section 876(a) authorizes the DEA to issue administrative subpoenas, without court or other approval outside the agency, requiring the production of records that are “relevant or material” to certain drug investigations, the IG noted. But “several published court decisions have clearly suggested potential challenges to the validity of DEA’s use of its statutory subpoena power in this expansive, non-targeted manner,” it added. “We also found the absence of a legal review troubling.”
The three programs differ by origins and whether they involve other federal agencies, contractors or private third-party communications providers. In one example, the auditors found that DEA’s procedural safeguards for a data collection under one program are “not sufficiently clear or strong enough to ensure compliance with the requirement under Section 876(a) that the information being demanded is ‘relevant or material’ to a drug investigation,” the report said. Auditors analyzed the drop-down menus on the forms DEA officials use when invoking authority for such administrative subpoenas, and found them too general in protecting private information such as a confidential informant’s phone numbers, for example. “The DEA's procedures lacked standards or written guidance.”
Under another program, “DEA collected the bulk data without first developing a plan for the disposition or retention of the data, creating a risk that purchaser information unconnected to illicit activity will be retained in government electronic systems for a long duration,” the report concluded.
“To protect the unique capabilities of two of the programs, agents and analysts were instructed not to use the information from these programs in affidavits, court pleadings, or the like, and to keep the information isolated from official files,” the IG wrote. “They were instead instructed to ‘parallel construct’ the information by, for example, issuing a new administrative subpoena for the specific investigation.”
Though that approach was appropriate, the report said, “such techniques must be used consistent with the department’s discovery and disclosure obligations in criminal cases.”
The report made 16 recommendations to DEA and the Justice Department, including that they conduct “a rigorous written legal assessment” before initiating or reinstating a bulk collection program justified by non-target-specific subpoenas, and that they issue a final legal opinion on the programs whose rationale for permissibility is still in flux.
Both agencies agreed with all recommendations.