Skip to content

FBI failed to follow its own rules when it impersonated The Associated Press in a 2007 investigation

Post categories

  1. Freedom of Information
The FBI failed to follow its own rules when agents impersonated an Associated Press reporter in order to locate a…

The FBI failed to follow its own rules when agents impersonated an Associated Press reporter in order to locate a criminal suspect in 2007, according to documents newly released in response to a FOIA lawsuit filed by the Reporters Committee for Freedom of the Press and The Associated Press.

The documents further show that after the impersonation became public, an FBI analysis determined that the non-compliance was reasonable, raising questions about the efficacy of the guidelines altogether.

The Reporters Committee and AP sued the FBI Federal Bureau of Investigation and Department of Justice last August for records related to the FBI’s practice of impersonating the news media.

The lawsuit seeks answers to three basic questions: What are the FBI’s rules regarding impersonation of the media on the internet? How often, and under what circumstances, do FBI agents pose as members of the news media during criminal investigations? And did the FBI follow its own rules in the 2007 investigation in which, as the agency has confirmed, it impersonated AP to deliver malware to the computer of a juvenile suspected of making anonymous bomb threats to his Seattle-area high school?

The Seattle investigation was revealed in 2014, when Christopher Soghoian, a technologist at the American Civil Liberties Union, reviewed documents previously released to the Electronic Frontier Foundation under FOIA and found that the FBI had drafted a fake AP article as a cover for transmitting malware to a Timberline High School student suspected of emailing bomb threats to his school.

Shortly thereafter, FBI Director James Comey sent a letter to the editor of The New York Times confirming not only that the FBI had drafted a fake AP news article for purposes of sending malware to the suspect, but also that an “online undercover officer portrayed himself as an employee of The Associated Press, and asked if the suspect would be willing to review a draft article about the threats and attacks, to be sure that the anonymous suspect was portrayed fairly.”

The Reporters Committee and AP each filed FOIA requests seeking information about the policies, practices, and circumstances surrounding the agency’s impersonation of the media, both in the Timberline case and as a general matter.

In February, six months after the Reporters Committee and AP filed suit, the FBI produced some documents responsive to some of the FOIA requests. Among other things, the FBI produced portions of documents setting out internal guidelines for investigations, like the Timberline operation, that implicate “sensitive circumstances.” These documents, some of which did not appear to have been previously produced, described the internal review processes that agents are required to follow before they may impersonate the news media. (Asked about whether the documents had been released before, the FBI said it cannot provide an additional comment on the FOIA release.)

The FBI referenced the Attorney General’s Guidelines on FBI Undercover Operations (AGG-UCO), which describe a complex set of requirements for approving undercover operations involving 15 categories of “sensitive circumstances,” including situations involving “untrue representations” concerning third parties, or activities that create a significant risk that a person will enter into a confidential relationship with an undercover operative posing as a member of the news media.

When sensitive circumstances exist, a Special Agent in Charge must seek approval, in writing, from FBI Headquarters. The AGG-UCO also require a “letter from the appropriate Federal prosecutor indicating that he or she has reviewed the proposed operation, including the sensitive circumstances reasonably expected to occur, [and] agrees with the proposal and its legality.” The application must be reviewed by FBI Headquarters, sent to the Undercover Review Committee, and approved by a high-ranking FBI official.

The FBI also produced portions of what appears to be its Field Guide for Undercover and Sensitive Operations (FGUSO), its manual for implementing the AGG-UCO. The FGUSO, which to the Reporters Committee’s knowledge has not previously been published, notes that the mere existence of sensitive circumstances involving “privileged relationships,” such as those between reporters and sources, requires review by the Undercover Review Committee.

This document, the title of which the FBI has not provided, indicates that the evaluation and approval process that the Undercover Review Committee undertakes for operations involving sensitive circumstances is “extensive.”

The review processes for operations involving “sensitive circumstances” appear to be intended to guard against exactly the type of damage that was done in the Timberline case. As AP General Counsel Karen Kaiser pointed out, the Timberline suspect “could easily have reposted this story to social networks, distributing to thousands of people, under our name, what was essentially a piece of government disinformation.”

Among other things, when the Undercover Review Committee considers a “sensitive circumstance” such as impersonation of the news media, it must “weigh[] the risks and benefits of the operation,” including the risks of reputational damage, interference with confidential relationships, and “the suitability of government participation in the type of activity that is expected to occur.” Had the Seattle field office sought approval in the 2007 Timberline case, the Undercover Review Committee may have recognized that the government’s unnecessary appropriation of a news organization’s name raises special concerns for the credibility of an independent press.

Yet one heavily redacted document produced by the FBI as a result of the lawsuit suggests that the agency did not follow its own rules when an agent posed as an AP reporter in the Timberline investigation. On Oct. 31, 2014, when outrage regarding the FBI’s impersonation of AP was at its highest, the Cyber Division prepared a “Situation Action Background” document offering an after-the-fact analysis of the 2007 Timberline investigation.

The Cyber Division concluded that “[a]lthough an argument can be made the reported impersonation of a fictitious member of the media constituted a ‘sensitive circumstance’” that would have required review by FBIHQ, the Undercover Review Committee, and approval by a high-ranking FBI official, the FBI’s failure to observe its own guidelines was not unreasonable.

The Cyber Division’s conclusion raised more questions than it answered. If the FBI’s failure to observe its guidelines was reasonable in the Timberline case, when, if ever, does the agency follow the review and approval process set out in the FGUSO and AGG-UCO?

In the FOIA requests, the Reporters Committee and AP each sought information about other investigations, separate from Timberline, in which the FBI has similarly usurped the identity of an individual or organizational member of the news media in order to deliver malware to a criminal suspect. None was produced.

The Reporters Committee and AP have argued in their ongoing case that these omissions reflect the inadequacy of the FBI’s search for records in response to their FOIA requests. Further, the lack of records pertaining to investigations other than the Timberline case raises concerns about whether the FBI frequently disregards its internal processes for such operations.

The Cyber Division’s conclusion is additionally troubling because the type of tool at issue in the Timberline case is widely used by agents seeking to locate anonymous criminal suspects. Because the Timberline suspect had obscured his internet protocol address, the FBI sought to deliver a type of data extraction software called a “Computer and Internet Protocol Address Verifier” (CIPAV) designed to extract the computer’s true IP address and locate the suspect.

The FBI is increasingly using so-called “hacking tools” and “network investigative techniques” like the CIPAV in criminal investigations, but has reportedly maintained no “central and complete listing” of the instances in which they have been deployed.

The Department of Justice also wants to make it easier to use hacking tools, and proposed an amendment to Federal Rule of Criminal Procedure 41, which concerns the issuance of search warrants, that would ease requirements for so-called "hacking warrants." (The amendment has been approved by the Judicial Conference and the Supreme Court, but has not yet taken effect; two federal district court judges have recently suppressed evidence gleaned from hacking warrants on jurisdictional grounds.)

The apparent frequency with which the FBI seeks hacking warrants has raised additional questions about the agency’s methods and the appropriate form of judicial oversight. At the very least, the FBI’s production of the FGUSO confirms at least some of the FBI’s relevant review processes for undercover operations involving sensitive circumstances such as media impersonation. But the agency’s apparent conclusion that those review processes may “reasonably” be disregarded in situations like the Timberline case signals that the FBI’s internal procedures may be less robust than they appear.

Reporters Committee attorneys are representing The Associated Press as well as the Reporters Committee as plaintiffs in this matter.

Stay informed by signing up for our mailing list

Keep up with our work by signing up to receive our monthly newsletter. We'll send you updates about the cases we're doing with journalists, news organizations, and documentary filmmakers working to keep you informed.