FBI: NSA reform could hurt cyber probes

The FBI’s cyber crime investigations would “obviously” suffer if Congress doesn’t reauthorize Section 215 of the Patriot Act, which allows the FBI to request business records from major companies.

“If that expires, obviously it’s going to impact what we do as an organization and certainly on cyber,” said Joseph Demarest, assistant director of the FBI's Cyber Division, during a roundtable discussion with reporters Tuesday.


Congress must reauthorize the controversial portion of the law by June 1. Civil liberties advocates argue the 215 program is an invasion of privacy, granting the National Security Agency (NSA) blanket authority to spy on Americans.

But two leaders of the FBI’s digital crime unit said losing the program would reduce the bureau’s effectiveness.

The business records request program based on Section 215 allows the FBI to obtain customer records from places like major telecom companies without going through the public court system.

“We use that in working with, I’ll say major providers,” Demarest said. “And we’re looking at historical records.”

“Not having the ability to use that as a vehicle to obtain that information,” Demarest added, “that’s the problem we face.”

The FBI argues that the 215 program approach allows investigators to go after cyber crooks without tipping their hand to possible accomplices.

“Are you going to want to reveal certain things that you found out in a criminal court of law if it means that you might prosecute one guy, but you could damage multiple other investigations going on?” asked Robert Anderson, who leads the FBI’s Criminal, Cyber, Response, and Services Branch.

But privacy and civil liberties advocates, both in and out of Congress, argue that the lack of transparency can lead to abuse.

A White House appointed independent review board last year concluded the program was borderline illegal, allowing the NSA too broad an authority to indiscriminately collect data.

Anderson said the 215 program can help the FBI counter what it calls the “going dark” problem. As major companies adopt strong encryption, a growing number of criminals can operate with digital anonymity, he said.

“In the last two to three years, that whole ‘going dark’ thing went from a crawl to a flat-out sprint because the technology is changing so rapidly,” Anderson explained.

Congressional fights over reauthorizing the program are expected to begin in the coming months.

Lawmakers nearly moved on a bill late last year that would have mostly ended the 215 program, but were unable to get the measure through the Senate.

The Capitol Hill battles have certainly caught the attention of the FBI’s cyber wing, Anderson said.

“Whether it’s a bill or a law that’s trying to go into place that could potentially change our collection posture, or the bad guys using infrastructure technically that we can’t get to,” he said, “this is an area that we’re constantly looking at.”