Searches and Surveillance - Criminal vs. Intelligence

February 11, 2018 

 

This article is not intended to be a strict legal interpretation of law. It is intended only to facilitate an understanding of different types of searches based purely on my own experience as a retired Special Agent of the FBI. For strict legal interpretations, consult a properly licensed attorney with knowledge and experience in all aspects of law being discussed herein.

Criminal Searches

Planned criminal searches can be lawfully conducted by sworn law enforcement officials in two ways, either by consent or via a Court-authorized Search Warrant (criminal warrant) or Title III surveillance. For the purposes of comparing criminal vs. intelligence searches and surveillance, I am only going to address Court-authorized Search Warrants as they require the lowest degree of certainty to acquire.

To obtain a criminal warrant, an officer of the law must show there is probable cause to believe evidence of a crime will be found at the location to be searched. For example, identifying a bank robber from bank surveillance cameras does not provide probable cause, on its own, to search the bank robber’s residence. The officer of the law must have reason to believe that evidence of the bank robbery will be found at the bank robber’s residence. Perhaps a witness saw the robber running into the robber’s house a short time after the robbery carrying a bag matching the description of a bag seen on the surveillance footage being carried out of the bank by the robber.

In a phishing case I investigated, I was able to get a criminal warrant for a Yahoo! e-mail account because I found computer code within an identified phishing web page that would transmit any collected Personally Identifiable Information (PII) such as bank account information to that e-mail account. Having obtained that code, along with money being stolen from online accounts of the bank whose web pages were being spoofed, gave me the ability to show the Court that I had probable cause to believe the e-mail account would contain evidence of PII being obtained through the phishing scheme I was investigating. Once I obtained the warrant, I received from Yahoo! all e-mail messages either sent or received from that e-mail account that had not been deleted by the account owner. What I found was a number of e-mail messages in which the body of the message was in a very specific format of PII that precisely matched the format that would be generated by the computer code that I used to get the warrant. Upon review of the e-mail messages and address book within the e-mail account, I was able to find evidence of criminal phishing activity that I was then able to use to provide probable cause to search additional e-mail accounts that were linked to the criminal activities of the phishing account.

Just because an e-mail account is seen to be communicating with the phishing account, however, doesn’t provide sufficient probable cause to get a warrant to search the other e-mail account. To search other e-mail accounts, I had to show they were in some way connected to the criminal activities conducted using the original account and that there was a likelihood the other accounts would contain evidence of criminal activity or identification of the user of the phishing account.

The criminal warrant is the type of search warrant for which the public is most familiar, largely because it has Fourth Amendment protections attached and is wide open to public scrutiny, media, and entertainment.

Intelligence Searches

Intelligence searches are quite different from criminal searches, information about them does not normally become publicly available, and they are not used for criminal prosecutions having Fourth Amendment protections. They are intended for the collection of information related to attempts by other countries to collect intelligence that can be used to harm the national security of the United States. Obtaining an intelligence warrant does not require probable cause that evidence of criminal activity will be found.

At any given moment in time, there are hundreds of active intelligence warrants covering thousands of individuals, some of which happen to be U.S. citizens. Since the information obtained from intelligence warrants is not intended to be used for criminal prosecution, and rarely is, it is almost never publicly disclosed. As such, it would be extremely rare for anyone who has been under the surveillance of an intelligence warrant to ever know they were under surveillance.

While highly secretive, getting intelligence warrants is not a simple process that is available for the asking. Though the U.S. Attorney’s Offices who oversee the prosecution of federal criminal cases are rarely involved in acquiring an intelligence warrant, the Department of Justice (DOJ) and the Judicial Branch of the U.S. Government are still fully engaged. The Judiciary is represented by the FISA Court (FISC).

Agents of the FBI are not able to simply get an intelligence warrant because they want one. They must be able to show to both DOJ and the FISC that they have probable cause to believe that any surveillance authorized by the intelligence warrant will likely produce evidence of intelligence activities intended to harm the national security of the United States.

I would estimate that less than one percent of U.S. citizens are ever caught in the output of data produced through intelligence warrants. If you are a U.S. citizen who is in frequent contact with non-citizens who are always asking probing questions about the operations of the U.S. Government, including its military, or U.S. infrastructure, then there is a remote chance you have been caught up in surveillance authorized by an intelligence warrant. Unlike the requirements of criminal warrants, however, there is no notification requirement to ever disclose the targets or outcomes of intelligence warrants. You can’t be prosecuted for criminal activities, including espionage, based solely on “evidence” obtained from an intelligence warrant.

Intelligence warrants are authorized for a limited period of time and come with very strict requirements to protect the privacy of U.S. citizens while they are engaged in everyday activities that have nothing to do with the national security of the United States. Once the initial period of time expires, renewals may be granted only if information was collected that had the potential to harm the national security of the United States. If no such information is collected, the warrant will not be renewed. Both DOJ and the FISC have to agree that the requirements have been met at the time of both initiation and renewal. It is never rubber stamped and it is never what one might consider a “slam dunk”.