WASHINGTON — An inspector general probe into the U.S. Postal Service surveillance program, known as iCOP, concluded that the agency did not have the legal authority to conduct the sweeping intelligence collection and surveillance of American protesters and others between 2018 and 2021.
The Postal Service Office of Inspector General launched an investigation into iCOP — which stands for Internet Covert Operations Program — at the request of Congress in direct response to reporting from Yahoo News last year.
“We determined that certain proactive searches iCOP conducted using an open-source intelligence tool from February to April 2021 exceeded the Postal Inspection Service’s law enforcement authority,” the March 25, 2022, inspector general report stated.
“Furthermore, we could not corroborate whether other work analysts completed from October 2018 through June 2021 was legally authorized.”
The audit of the program was prompted by Yahoo News’ reporting that revealed the existence of the secret program, as well as its use of facial recognition software and other sophisticated technology and software to compile and disseminate reports on Americans’ online speech and movements. A March 16, 2021, iCOP intelligence bulletin on American protesters was widely circulated by the Department of Homeland Security to state, local and federal law enforcement agencies nationwide.
Yahoo News’ reporting on the program prompted outrage from lawmakers and constitutional experts, who questioned whether the post office had the legal authority to target and collect information on U.S. citizens not suspected of any crime and with no connection to the post office.
In April 2021, Yahoo News revealed the existence of the iCOP surveillance, which used analysts to trawl the internet looking for “inflammatory” posts about nationwide Black Lives Matter protests. A series of follow-up reports revealedfurther detailsabout the program, which had been operating without the oversight or even the knowledge of Congress. (Yahoo News has filed its own lawsuit to obtain additional records related to iCOP.)
“The Oversight Committee requested this report because of our significant concerns about intelligence activities conducted by the Postal Service Inspection Service’s analytics team related to First Amendment activity,” Rep. Carolyn Maloney, D-N.Y, who chairs the House Oversight Committee, told Yahoo News in a Thursday statement. “The inspector general’s audit makes clear that the committee’s concerns were justified, and that the use of open-source intelligence by the analytics team ‘exceeded the Postal Inspection Service’s law enforcement authority.’”
Using sophisticated technology and software, iCOP was running keyword searches like “protest” on social media to collect online speech about a host of different events that contained no threats and had nothing to do with the Postal Service’s work.
The inspector general report notes that in April 2021 Postal Inspection Service lawyers asked iCOP to remove “protest” from its keyword searches “to protect constitutional rights.”
Frank Albergo, president of the Postal Police Officers Association, told Yahoo News that the Postal Inspection Service had “lost their way.”
“At this point they might as well take their mission statement of protecting the Postal Service and its employees and throw it in the garbage,” Albergo said, arguing that not enough attention is being paid by the agency to the “mail theft epidemic” of postal property that was happening at the same time.
The 26-page report concluded that the post office did not have the legal authority to compile reports on Americans involved in Black Lives Matter protests sweeping the nation. The report also found across-the-board violations of statutory and legal authority ranging from lack of legal authority to noncompliance with federal records retention to use of facial recognition software. It also said there was no record-keeping policy or procedures in place to make sure the work was legal.
The report repeatedly stressed that the Postal Service’s surveillance efforts need a “postal nexus,” or a connection to the Postal Inspection Service’s work.
“The Postal Inspection Service’s activities must have an identified connection to the mail, postal crimes, or the security of Postal Service facilities or personnel (postal nexus) prior to commencing,” the report said.
“However, the keywords used for iCOP in the proactive searches did not include any terms with a postal nexus. Further, the postal nexus was not documented in 122 requests and 18 reports due to a lack of requirements in the program’s procedures. These issues occurred because management did not involve the Postal Inspection Service’s Office of Counsel in developing iCOP or its procedures.”
The inspector general made a series of recommendations, including a complete review and overhaul of the program and the analyst division under which it operates. Postal Service leadership responded to each recommendation, objecting to most of the report’s conclusions and arguing that it has the authority to conduct wide-ranging surveillance and intelligence collection on U.S. citizens — without needing a nexus to the post office. It agreed to review some of its policies after the completion of the internal review recommended by the inspector general.
“We strongly disagree with the overarching conclusion that the U.S. Postal Inspection Service (Inspection Service) exceeded its legal authority and conducted improper intelligence searches,” the Postal Inspection Service wrote in response to the recommendations and findings of the inspector general audit. The response was included in the report.
Maloney, the Oversight Committee chair, said: “I fully support the Inspector General’s recommendation that Postal Service management perform a full review of the Analytics Team’s responsibilities, activities, and procedures, and I look forward to reviewing its result.”