FC: Justice Department publishes "list of post-9-11 accomplishments"

[Declan McCullagh <declan () well com>]

On Monday, the Justice Department published a kind of best-hits list 
trumpeting what it accomplished in the year since Sept. 11, 2001.

Excerpts follow.

-Declan

---

http://www.politechbot.com/docs/doj.accomplishments.090902.doc

J u s t i c e   D e p a r t m e n t
A c c o m p l i s h m e n t s   i n   t h e
W a r   on   T e r r o r i s m

The Shift from Investigation to Prevention


-	FBI: $412 million in additional funds as follows:  $223 million to 
increase intelligence and surveillance capabilities, response capabilities, 
and additional equipment and support personnel; $109 million to enhance 
various FBI information technology projects, including digital storage of 
documents, data management and warehousing, collaborative capabilities, IT 
support for Legal Attaches, continuity of operations, video 
teleconferencing capabilities, and Trilogy support and mainframe data 
center upgrades; and $78 million to harden FBI information systems against 
inappropriate and illegal use and intrusion, and to conduct background 
investigations. The total proposed FY 2003 budget for the FBI ($4.3 
billion) is a 19% increase over FY 2002 ($3.6 billion pre-CT 
Supplemental).  With these increases, the FBI budget has increased by 
almost one-third over the past two years (29%).

·	State and Local Anti-Terrorism Training  (SLATT) Program Has Provided 
Assistance to Law Enforcement Authorities.  The State and Local 
Anti-Terrorism Training (SLATT) Program, administered by OJP’s Bureau of 
Justice Assistance, provides training and technical assistance on 
pre-incident preparation and preparedness to state and local law 
enforcement administrators and prosecution authorities.  SLATT works in 
close cooperation with the FBI’s National Security Division Training Unit, 
delivering specialized executive, investigative, intelligence, and officer 
safety training.


·	May 29, 2002: The FBI Announced Ten Reshaped Priorities Which Focus First 
on Preventing Terrorist Attacks:

1)      Protect the United States from terrorist attack
2)	Protect the United States against foreign intelligence operations and 
espionage
3)	Protect the United States against cyber-based attacks and high 
technology crimes
4)      Combat public corruption at all levels
5)      Protect civil rights
6)      Combat transnational and national criminal organizations and enterprises
7)      Combat major white-collar crime
8)      Combat significant violent crime
9)      Support federal, state, local and international partners
10)     Upgrade technology to successfully perform the FBI’s mission



·       Enhanced Terrorist Surveillance Procedures (USA PATRIOT Act, Title II):

-	Adds terrorism crimes to the list of offenses for which wiretap orders 
are available, also makes wiretap orders available to investigate computer 
fraud.  The wiretap statute authorizes the government to seek a court order 
to intercept communications relating to a list of enumerated 
crimes.  Previously that list did not include a number of offenses that 
terrorists are likely to commit.  The offenses added under Section 201 
include chemical weapons offenses, killing United States nationals abroad, 
using weapons of mass destruction, and providing material support to 
terrorist organizations.  Section 202 expands the availability of wiretaps 
to include communications that could reveal evidence of felonious computer 
fraud.  This provision enables law-enforcement personnel to gather 
information about attacks on computer systems, which sophisticated 
international terrorist organizations are capable of planning.  (Section 
201 and 202: Authority to Intercept Wire, Oral, and Electronic 
Communications Relating to Terrorism)

-	Allows law-enforcement personnel to share grand-jury and wiretap 
information regarding foreign intelligence with various other federal 
officers without first obtaining a court order, including law-enforcement, 
intelligence, protective, immigration, national-defense, and 
national-security personnel.  Previous law sharply limited the ability of 
law-enforcement personnel to share investigative information, and hampered 
terrorism investigations.  Section 203 establishes a general rule that, 
notwithstanding any other provision of law, federal law-enforcement 
personnel may share foreign-intelligence information with intelligence, 
protective, immigration, national-defense, and national-security 
personnel.  The Department has regularly utilized this authority to share 
information in connection with its terrorism investigation, and the 
Attorney General is finalizing procedures to institutionalize such 
cooperation.  (Section 203: Authority to Share Criminal Investigative 
Information)

Authorizes the Director of the FBI to hire translators to support 
counter-terrorism operations, without regard to federal personnel 
limitations.  The Department regularly utilizes this expanded authority, 
with great results in improving the efficiency and efficacy of intelligence 
operations.  (Section 205: Employment of Translators by the Federal Bureau 
of Investigation)

-	Improves the ability of law-enforcement officers to enlist the help of 
third parties, such as landlords, in conducting court-ordered 
surveillance.  Foreign Intelligence Surveillance Act (“FISA”) permitted the 
government to require certain third partiesincluding common carriers, 
landlords, and custodiansto assist in conducting court-ordered 
surveillance.  However, previous law did not allow law-enforcement 
personnel to seek the assistance of a third party unless the FISA court has 
issued an order specifically naming him, which required repeated trips to 
court, wasting valuable time and resources.  Section 206 allows 
law-enforcement officers to enlist the help of a newly discovered third 
party by presenting him with a generic court order.  This enhances the 
government’s ability to monitor international terrorists and intelligence 
officers who are trained to thwart surveillance by rapidly changing hotel 
accommodations, cell phones, and internet accounts, just before important 
meetings or communications.  (Section 206: Roving Surveillance Authority 
Under the Foreign Intelligence Surveillance Act of 1978)

-	Increases the length of surveillance and search orders granted by 
court.  Under previous law, the Foreign Intelligence Surveillance Court 
could only authorize investigations of foreign powers’ employees for up to 
45 days.  This required law-enforcement personnel to waste valuable time 
and resources renewing court orders.  Section 207 permits the FISA court to 
authorize physical searches and electronic surveillance of foreign powers’ 
employees for up to 120 days (other persons could be searched / surveilled 
for 90 days) and further authorizes search / surveillance orders to be 
extended for periods of up to one year.  Section 207 would apply only to 
foreign nationals.  (Section 207: Duration of FISA Surveillance of 
Non-United States Persons Who Are Agents of a Foreign Power)

-	Expedite seizure of voice-mail.  Previous law applied different standards 
to the seizure of unopened emails stored in a computer and unopened 
voice-mail messages stored with a service provider.  The government can 
obtain unopened emails by obtaining a search warrant, but needed a wiretap 
order to get unopened voice-mail messages from a service provider.  Section 
209 treats unopened voice-mail like unopened email, requiring that a search 
warrant be used.  This expedites seizure of voice-mail, and abolishes the 
current anomalous distinction between voice and data.  Section 209 
preserves officers’ ability under current law to obtain opened messages 
through a subpoena.  (Section 209: Seizure of Voice-Mail Messages Pursuant 
to Warrants)

-	Authorizes investigators to subpoena information about an internet user’s 
“temporarily assigned network address” (the internet equivalent of a 
telephone number), as well as billing records.  Under previous law, the 
government could issue an administrative subpoena to electronic 
communications providers that required them to disclose a small class of 
records, including a customer’s name, address, length of service, and 
long-distance telephone billing records.  All other recordsincluding those 
relating to the internet, which increasingly is terrorists’ preferred 
method of communicatingcould be obtained only through the cumbersome 
court-order process.  In fast-moving terrorist investigations, the delay 
can be significant.  Internet communications often are a critical method of 
identifying conspirators and determining the source of the attacks.  This 
provision authorizes investigators to subpoena information about an 
internet user’s “temporarily assigned network address,” as well as their 
billing records.  Speedy acquisition of this information could identify a 
perpetrator and link an individual terrorist to a larger 
organization.  Section 210 satisfies a vital law-enforcement need with only 
a minimal intrusion on privacy interests; it would not allow the government 
to obtain records of a user’s browsing activity.  (Section 210: Scope of 
Subpoenas for Records of Electronic Communications)

-	Cable companies subject to the same rules as other internet 
providers.  Many cable companies have begun to provide Internet and 
telephone service, and some companies have refused to comply with search 
warrants or subpoenas for records of their customers’ telephone and 
Internet use citing the Cable Act’s restrictions.  Section 211 clarifies 
that statutes governing telephone and Internet communications (and not the 
burdensome provisions of the Cable Act) apply to cable companies that 
provide Internet or telephone service in addition to television 
programming.  Section 211 clarifies that when a cable company acts as a 
telephone company or an Internet service provider, it must comply with the 
same disclosure laws that apply to any other telephone company or Internet 
service provider.  (Section 211: Clarification of Scope)

-	Allows communication providers to voluntarily disclose content of 
subscribers’ communications in emergencies that threaten death or serious 
bodily injury.  Previous law did not allow communications providers to 
disclose the content of their subscribers’ communications in emergencies 
that threaten death or serious bodily injury  and even though providers 
could disclose content to protect their rights and property, they could not 
in the same circumstances disclose non-content records (such as a 
subscriber’s login records).   The law thus prevented communications 
providers from acting quickly to prevent imminent terrorist or other 
criminal activity, and hindered their ability to protect themselves from 
cyber-terrorists and -criminals.  This section authorizes a provider to 
disclose its customers’ communications if it believes that an emergency 
threatens death or serious injury.  Immediate disclosure is critical, 
because there may be no time to obtain process.  Section 212 protects 
customers’ privacy interests because it merely allows, rather than 
requires, providers to disclose communications; the government cannot 
compel the disclosure of records.  Section 212 also clarifies that 
providers voluntarily may disclose both content and non-content records to 
protect their computer systems, protecting the infrastructures.  In one 
example, this provision was used to investigate a threat against a high 
school in Canada, where authorities obtained disclosure information from an 
internet service provider in the United States and identified the 
perpetrator, who confessed to the threat.  (Section 212: Emergency 
Disclosure of Electronic Communications to Protect Life and Limb)

-	Eases the legal requirements of law-enforcement officials to obtain court 
permission for pen/trap orders in international terrorism 
investigations.  Previously, FISA authorized pen register / trap and trace 
orderswhich enable law enforcement to collect non-content information about 
a communicationin investigations to gather foreign-intelligence information 
or information about international terrorism.  In contrast to the wiretap 
statute, FISA requires government personnel to certify, not just that the 
information they seek is relevant, but that the device to be monitored has 
been used to contact a foreign agent engaged in international 
terrorism.  Under section 214, the government can more easily obtain a pen 
/ trap order in investigations intended to protect against international 
terrorism or “clandestine intelligence activities.”  Pen / trap orders 
would be available if the information to be obtained, or the device to be 
tapped, is relevant to an international-terrorism investigation.  This 
provision clarifies that the government may not gather information from a 
United States individual’s protected First Amendment activities.  (Section 
214: Pen Register and Trap and Trace Authority Under FISA)

-	Allows law-enforcement officials to more easily obtain business records 
in international terrorism cases.  Previously, FISA made it extremely 
difficult for law-enforcement personnel to obtain business records in 
connection with a foreign-intelligence investigation.  Section 215 
authorized certain law-enforcement personnel to apply to the FISA court for 
an order requiring the production of any tangible thing.  The application 
must certify that the records are sought as part of an investigation of 
international terrorism or “clandestine intelligence activities.”  A United 
States person cannot be investigated on the basis of First Amendment 
protected activities.  (Section 215: Access to Records and Other Items 
Under the Foreign Intelligence Surveillance Act)

-	Authorizes courts to grant pen/trap orders in relation to the Internet, 
and makes the order effective anywhere in the United States.  Pen registers 
and trap and trace devices enable law-enforcement personnel to collect 
non-content information associated with communication.  They do not allow 
officers to eavesdrop on the conversation; they only reveal which numbers 
are dialed by, or received by, a particular telephone.  Law enforcement may 
use pen registers and trap and trace devices only by obtaining a court 
order.  Under previous law, such orders were valid only in the issuing 
court’s jurisdiction, and it was unclear whether pen registers and trap and 
trace devices could be used to track internet communications.  This 
provision authorizes courts to grant orders that are valid “anywhere within 
the United States,” ensuring law-enforcement officials no longer have to 
apply for new orders each time their investigation leads them to another 
jurisdiction.  Section 216 clarifies that the pen/trap provisions apply to 
facilities other than telephone lines, such as the internet.  This enables 
law enforcement to trace terrorists’ communications regardless of the media 
they use.  Law enforcement officials may not eavesdrop on the content of a 
communication, and this provision does not lower the standard courts use in 
deciding whether to issue a pen/trap order.  The Department has issued 
guidance clearly delineating departmental policy regarding the avoidance of 
“overcollection,” i.e., the collection of “content” in the use of pen 
registers or trap and trace devices governed by the statute.  (Section 216: 
Modification of Authorities Relating to Use of Pen Registers and Trap and 
Trace Devices)

-	Allows computer victims of hackers to request government assistance in 
monitoring and apprehending trespassers.  The wiretap statute previously 
prevented government assistance when victims of computer trespassing 
request help in monitoring unauthorized attacks.  Section 217 allows 
victims of computer attacks to authorize persons “acting under color of 
law” to monitor trespassers on their computer systems in a narrow class of 
cases.  Section 217 thus helps place cyber-intruders on the same footing as 
physical intruders: victims can seek law-enforcement assistance in 
combating hackers just as burglary victims can invite police officers into 
their homes to catch burglars.  Section 217 does not authorize 
law-enforcement authorities to intercept the communications of legitimate 
computer users.  (Section 217: Interception of Computer Trespasser 
Communications)

-	Increases availability of searches and surveillance under FISA.  Under 
previous law, law-enforcement personnel who applied for electronic 
surveillance or physical searches under FISA were required to certify that 
“the” primary purpose of their investigation was to gather foreign 
intelligence.  This required officers constantly to monitor the relative 
weight of their investigations’ criminal and intelligence 
purposes.  Section 218 clarified that the government may conduct FISA 
surveillance or searches if foreign-intelligence gathering is “a 
significant” purpose of the investigation.  This change reduces officers’ 
need to evaluate whether their investigations have predominantly criminal 
or intelligence purposes, and allows increased collaboration between 
law-enforcement and intelligence personnel.  The Department has 
implemented, and continues to refine, procedures to effectuate this 
provision. (Section 218: Foreign Intelligence Information)

-	Allows law-enforcement officials to obtain a search warrant anywhere a 
terrorist-related activity occurred.  Rule 41(a) of the Federal Rules of 
Criminal Procedure required law-enforcement personnel to obtain a search 
warrant in the district where they intend to conduct a search.  Terrorism 
investigations often span a number of districts, and officers therefore 
must obtain multiple warrants in multiple jurisdictions, creating 
unnecessary delays.  Section 219 provides that warrants can be obtained in 
any district in which terrorism-related activities occurred, regardless of 
where they will be executed.  This provision does not change the standards 
governing the availability of a search warrant, but streamlines the 
search-warrant process.  (Section 219: Single-Jurisdiction Search Warrants 
for Terrorism)

-	Allows a court, which has jurisdiction over the offense being 
investigated, to compel the release of stored communications by issuing a 
search warrant valid anywhere in the United States.  Under previous law, 
the government had to use a search warrant if it wished to obtain unopened 
email from a service provider.  But a court sitting in one jurisdiction is 
not able to issue a warrant that is valid in another jurisdiction.  This 
requirement unnecessarily delays officers’ access to critical 
information.  Section 220 allows a court, which has jurisdiction over the 
offense being investigated, to compel the release of stored communications 
by issuing a search warrant that is valid anywhere in the United 
States.  Section 220 would not dilute the substantive standards governing a 
search warrant’s availability.  (Section 220: Nationwide Service of Search 
Warrants for Electronic Evidence)

-	Provides the President with flexibility to impose certain trade 
sanctions.  The previous law prohibited the President from imposing 
unilateral agricultural and medical sanctions against foreign entities and 
governments.  Section 221 made an exception for sanctions on devices that 
could be used to develop missiles or other weapons of mass destruction.  It 
also expanded the President’s ability to restrict exports to the Taliban, 
or the portions of Afghanistan controlled by the Taliban.  In addition, 
section 221 of possible terrorist activity.

ü	November 13, 2001, Attorney General Directive to Designate an Official to 
Share Information Regarding Terrorist Investigations with State and Local 
Law Enforcement Officials:  Directed each U.S. Attorney to designate a 
Chief Information Officer (CIO) in order to centralize the process by which 
information relevant to the investigation and prosecution of terrorists can 
be shared with state and local officials.  In addition, directed each CIO 
of the district to solicit suggestions from state and local officials on 
the best way to disseminate information in the district and to establish 
communications protocols for information sharing.

ü	November 13, 2001, Attorney General Directive to Makes Counterterrorism 
Training Available to Local Law Enforcement Participants in the 
Anti-Terrorism Task Forces:  Issued to the Assistant Attorney General for 
the Office of Justice Programs, the Directors of the Office of Community 
Oriented Policing Services and the Office of Intergovernmental Affairs, and 
all United States Attorneys.  This directive required training similar to 
that of the Anti-Terrorism Coordinators be made available to local law 
enforcement participants in the ATTFs either at the National Advocacy 
Training Center in Columbia, South Carolina, or through remote training at 
the 94 United States Attorneys’ offices.

ü	April 11, 2002, Attorney General Directive to Institutionalize 
Information Sharing Efforts Through Shared Databases:  Issued to the Deputy 
Attorney General, the Assistant Attorneys General for the Criminal Division 
and the Office of Legal Policy, the Commissioner of INS, the Administrator 
of the DEA, and the Directors of the FBI, the Executive Office of United 
States Attorneys, the Marshals Service, and the Foreign Terrorist Tracking 
Task Force.  The directives included expanding terrorist information in law 
enforcement databases, coordinating foreign terrorist information with the 
Department of Defense and foreign law enforcement agencies, improving 
information coordination with state and local partners through the 
development of a secure but unclassified web-based system, and the 
standardizing of the procedures for the sharing of foreign intelligence and 
counterintelligence information obtained as part of a criminal 
investigation with relevant federal officials.

·	Investigative Guidelines: Implemented New Guidelines to Help Conduct 
Investigations Capable of Preventing Terrorist Attacks.  The new guidelines 
reflect the Attorney General’s mission for the Justice Department’s war on 
terror: to neutralize terrorists before they are able to strike.  The 
revised guidelines create new information- and intelligence-gathering 
authorities to detect terrorist plots, and strengthen existing provisions 
to promote effective intervention to foil terrorists’ plans.  Now they are 
poised for prevention.  The Attorney General, on May 30, 2002, released 
four guidelines, including:

-       General Crimes, Racketeering and Terrorism Investigations
-       FBI Undercover Operations
-       Confidential Informants
-       Lawful, Warrantless Monitoring of Verbal Communications

ü	The Guidelines Allow the FBI to Work to Prevent Crimes, Rather than Just 
Investigating Past Crimes.  The previous guidelines generally barred the 
FBI from taking the initiative to detect and prevent future crimes, unless 
it learned of possible criminal activity from external sources.  As a 
result, the FBI was largely confined to a reactive role.

-	Authorizing the FBI to Have Normal Public Access to Public Places.  Under 
the old guidelines, FBI field agents were inhibited from visiting public 
places, which are open to all other citizens.  Agents avoided them not 
because they were barred by the Constitution, or any federal statute, but 
because of the lack of clear authority under administrative guidelines 
issued decades ago.  The new guidelines clarify that FBI field agents may 
enter any public place that is open to other citizens, unless they are 
prohibited from doing so by the Constitution or federal statute, for the 
specific purpose of detecting or preventing terrorist activities.  The 
guidelines do not, and cannot, nullify any existing Constitutional or 
statutory duty to obtain judicial approval as required to conduct their 
surveillance or investigations.

-	Enhances Information-Gathering Ability, Allows General Internet Searches 
and Commercial Research Data.  In the past, there was no clear basis for 
conducting online research for counterterrorism purposeseven of publicly 
available informationexcept when investigating a specific case.  For 
example, FBI agents could not conduct online searches to identify websites 
in which bomb-making instructions or plans for cyberterrorism are openly 
traded and disseminated.  The new guidelines strengthen the FBI’s 
intelligence-gathering capabilities by expressly stating that agents may 
engage in online research, even when not linked to an individual criminal 
investigation.  They also authorize the FBI to use commercial data mining 
services to detect and prevent terrorist attacks, independent of particular 
criminal investigations.

-	Allows FBI Field Agents to Use Information Collected in the Earliest 
Stages To Investigate Groups Suspected of Terrorism.  Under the old 
Guidelines, preliminary inquirieswhere agents gather information before 
enough evidence has been uncovered to merit an outright investigationcould 
be used only to determine whether there was enough evidence to justify 
investigating an individual crime.  They could not be used to determine 
whether to open a broader investigation of groups involved in terrorism 
(i.e., “terrorism enterprise investigations”).  The FBI will be able to use 
preliminary inquiries to determine whether to launch investigations of 
groups involved in terrorism (i.e., “terrorism enterprise investigations”).

-	Expanding the Scope and Duration of Investigations, and Easing Red Tape 
for FBI Field Agents.  The previous guidelines impeded the effective use of 
criminal intelligence investigations (i.e., investigations of criminal 
enterprises) by imposing limits on the scope of such investigations, short 
authorization periods, and burdensome approval and renewal 
requirements.  The guidelines now expand the scope of criminal intelligence 
investigations, lengthen their authorization periods, and ease the approval 
and renewal requirements.  This flexibility enhances the FBI’s 
terrorism-preventing function and helps the agents in the field.






-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
Recent CNET News.com articles: http://news.search.com/search?qÞclan
CNET Radio 9:40 am ET weekdays: http://cnet.com/broadband/0-7227152.html
-------------------------------------------------------------------------