The DEA Spent Five Years Secretly Collecting Bulk Surveillance Data – Was it Legal?

A new report released by the Office of the Inspector General (OIG) details a previously secret surveillance operation conducted by the DEA from 2008 to 2013. The program, which “took steps to hide the effort from defendants and courts,” sought to identify potential drug traffickers by issuing administrative subpoenas to vendors in order to gain information, including names and addresses, about people who purchased money-counting machines. However, this is not the first time that the DEA has come under fire for collecting bulk personal information.

In 2015, when it filed a Freedom of Information Act request to gain information about the DEA’s collection of bulk surveillance data on calls made to and from foreign countries, the ACLU asserted that the federal government had “extended its use of bulk collection far beyond the NSA and the national security context, into ordinary law enforcement . . . [using] a strained and untenable theory of ‘relevance’ . . . to justify the surveillance of millions of innocent Americans using laws that were never written for that purpose.” This conception of relevance came from the DEA’s own defense of its surveillance activities, which it claimed only targeted calls between the United States and specific foreign countries “that were determined to have a demonstrated nexus to international drug trafficking and related criminal activities.” The DEA reported that it ceased collecting the bulk call information in September of 2013.

However, the DEA had been collecting the call data since the 1990s and did not disclose its actions until it was ordered to do so by a federal judge – after the DEA used information it had collected to bring criminal charges against a man for violating export restrictions in sending goods to Iran. After the surveillance program became public knowledge, several lawsuits were filed against the DEA, including one brought by Human Rights Watch. What remained unknown in 2015 was the fact that the DEA had engaged in other bulk data collection programs of questionable legality at the same time that the agency was monitoring phone calls.

The OIG’s recent, heavily redacted report concludes investigations into three DEA surveillance programs, one of which is the foreign “telephone metadata” that the DEA stopped collecting in 2013. Another is the subpoenaed information about purchasers of money-counters. From 2008 to 2013, the DEA used administrative subpoenas to create a database of personal information that it argued was relevant to its drug enforcement operations.

Importantly, both the telephone metadata program as well was the data collection pertaining to purchases of money-counters ceased in 2013 “amid the uproar over the disclosures by the [NSA] contractor Edward Snowden,” according to the OIG report. Perhaps the DEA was hesitant to continue collecting the data in the wake of Snowden’s whistleblowing because the agency doubted the legality of its own actions – or perhaps it simply feared public backlash. Either way, the OIG found in its report that the DEA “failed to conduct a comprehensive legal analysis” of its own authority to collect the purchase data. However, the DEA did rely on its delegated authority to issue administrative subpoenas under 21 U.S.C. § 876(a) to justify the program.

The OIG criticized the DEA’s failure to consider “any of several published court decisions available at the time . . . clearly suggesting potential challenges to the validity of the DEA’s use of Section 876(a)” despite indications that the DEA was “aware of the existence of case law casting doubt on the use of administrative subpoenas to collect bulk data for exploratory purposes.”

What the report suggests is that the DEA intentionally did not look at anything in the law that would lead the agency to question the validity of its own program.

What the DEA did do was cite a number of cases “in support of an argument that the ‘relevant or material’ standard under 21 U.S.C. § 876(a) is extremely broad and permits requests for the products of large collections of records” in a reinstatement memo prepared after the program’s termination. However, it does not appear that the program was ever reinstated.

What is clear is that other federal agencies, especially the F.B.I., had misgiving about using the data collected by the DEA. After the DEA submitted the metadata to a joint operations hub in 2013 so that different law enforcement agencies could use the collected information in their drug and organized crime investigations, the F.B.I “questioned whether the data had been lawfully acquired” and “banned its officials from gaining access to it.” 

Human Rights Watch has condemned this latest iteration of the DEA’s bulk surveillance, arguing that “it was an abuse to suck Americans’ names into a database that would be analyzed to identify criminal suspects, based solely upon their purchase of a lawful product.” The OIG report did not make a definitive finding that the DEA’s actions were illegal, but did provide recommendations to ensure legality in any surveillance programs moving forward – to protect against the kinds of abuse of power that many believe the agency has already committed.

Sam Taylor, 1 April 2019