US Federal law enforcement agencies have been tracking Americans – in real-time – without getting a court order, a newly released document shows. The revelation sheds a little more light on the Justice Department’s increasing power and willingness to surveil Americans with little to no judicial or Congressional oversight. The document, obtained by security researcher Christopher Soghoian, explains how so-called “Hotwatch” orders allow for real-time tracking of suspected individuals in a criminal investigation via credit card companies, rental car agencies, calling cards, and even grocery store loyalty programs.
“We currently have no idea how often law enforcement agencies engage in real-time surveillance of financial transactions.”
And that gives them a live feed of transaction data, according to wired.com. For credit cards, agents can get real-time information on a person’s purchases by writing their own subpoena, followed up by a order from a judge that the surveillance not be disclosed.
Then the agent sends a request for “Any and all records and information relating directly or indirectly to any and all ongoing and future transactions or events relating to any and all of the following person(s), entitities, account numbers, addresses and other matters…”
US Federal agents can also go the traditional route — going to a judge, proving probable cause and getting a search warrant — which means the target will eventually be notified they were spied on.
However, the document suggests that the normal practice is to ask for all historical records on an account or individual from a credit card company, since getting stored records is generally legally easy.
Every year, the Justice Department does have to report to Congress the numbers of criminal and national security wiretaps undertaken, as well as the number of National Security Letters issued.
Tens of thousands of NSLs are issued yearly — most with gag orders that forbid ISPs or librarians from ever saying they have ever been served with such a subpoena.
But the Justice Department does not report or make public the number of times it got real time or historic cell phone location information, nor how often it is using these so-called “hotwatch” orders.
It’s not clear what standards an agent would have to follow to get a “Hotwatch” order. The Justice Department told Soghoian the document is the only one it could find relating to “hotwatches” — which means there is either no policy or the department is witholding relevant documents.
“The Justice Department did not return a call for comment,” wired.com writes.
“A 10 page Powerpoint presentation (pdf) that I recently obtained through a Freedom of Information Act Request to the Department of Justice, reveals that law enforcement agencies routinely seek and obtain real-time surveillance of credit card transaction. The government’s guidelines reveal that this surveillance often occurs with a simple subpoena, thus sidestepping any Fourth Amendment protections,” Christopher Soghoian writes in a recent blog post.
On October 11, 2005, the US Attorney from the Eastern District of New York submitted a court filing in the case of In re Application For Pen Register and Trap and Trace Device With Cell Site Location Authority (Magistrate’s Docket No. 05-1093), which related to the use of pen register requests for mobile phone location records.
In that case, the US Attorney’s office relied on authority they believed was contained in the All Writs Act to justify their request for customer location information.
In support of its claim, the office stated that:
“Currently, the government routinely applies for and upon a showing of relevance to an ongoing investigation receives “hotwatch” orders issued pursuant to the All Writs Act. Such orders direct a credit card issuer to disclose to law enforcement each subsequent credit card transaction effected by a subject of investigation immediately after the issuer records that transaction.”
A search of Google, Lexisnexis and Westlaw revealed nothing related to “hotwatch” orders, and so I filed a FOIA request to find out more. If the government “routinely” applies for and obtains hotwatch orders, why wasn’t there more information about these.
It took a year and a half to learn anything. The Executive office of US Attorneys at the Department of Justice located 10 pages of relevant information, but decided to withhold them in full. I filed my first ever FOIA appeal, which was successful, albeit very slow, and finally received those 10 pages this week.
As the document makes clear, Federal law enforcement agencies do not limit their surveillance of US residents to phone calls, emails and geo-location information. They are also interested in calling cards, credit cards, rental cars and airline reservations, as well as retail shopping clubs.
The document also reveals that DOJ’s preferred method of obtaining this information is via an administrative subpoena. The only role that courts play in this process is in issuing non-disclosure orders to the banks, preventing them from telling their customers that the government has spied on their financial transactions. No Fourth Amendment analysis is conducted by judges when issuing such non-disclosure orders.
While Congress has required that the courts compile and publish detailed statistical reports on the degree to which law enforcement agencies engage in wiretapping, we currently have no idea how often law enforcement agencies engage in real-time surveillance of financial transactions.
Well, here’s a copy of the pretty hot document.
And here’s more interesting stuff from wired.com: