-
April 27, 2015
VIA ELECTRONIC TRANSMISSION
The Honorable Sally Quillian Yates Acting Deputy Attorney
General U.S. Department of Justice 950 Pennsylvania Avenue, NW
Washington, DC 20530
Dear Acting Deputy Attorney General Yates:
Recent media reports have stated that the Drug Enforcement
Agency (DEA) spent millions of taxpayer dollars to purchase a
spyware program from an Italian hacking company in 2012.1 According
to the reports, the spyware, known as Remote Control System (RCS),
can surreptitiously turn on a users webcam and microphone, collect
passwords, and is capable of intercepting phone calls, texts, and
social media messages. Obviously, the use of such capabilities can
raise serious privacy concerns.
The Judiciary Committee needs a more detailed understanding of
the DEAs use of spyware programs such as RCS, including details
regarding the agencys policies and procedures for using these
programs, the legal authorities pursuant to which the DEA deploys
them, and the audit procedures used to ensure they are used in
compliance with both DEA policies and procedures, as well as the
law.
Accordingly, please provide written responses to these questions
by May 11, 2015:
1. Which spyware and related programs has the DEA used in the
field since 2012?
1Lorenzo Franceschi-Bicchierai, The DEA Has Secretly Been Buying
Hacking Tools From An Italian Company, MOTHERBOARD, April 15, 2015,
available at:
http://motherboard.vice.com/read/the-dea-has-been-secretly-buying-hacking-tools-from-an-italian-company;
Timothy J. Seppala, The DEAs Using Powerful Spyware For
Surveillance Too, ENDGAGET, April 16, 2015, available at:
http://www.engadget.com/2015/04/16/dea-spyware/.
-
Acting Deputy Attorney General Yates April 27, 2015 Page 2 of
3
a. What are each programs capabilities?
b. How much has the DEA spent on each program?
c. How many times has the DEA used each of programs in the
field, and in
what capacity?
2. What are the internal DEA policies and procedures related to
requesting, approving, deploying, and terminating the use of
spyware and related programs?
3. For how long does the DEA retain any data obtained through
spyware?
a. Who has access to the data while it is in DEAs
possession?
b. How, if at all, is the data destroyed?
4. Pursuant to what legal authorities does the DEA deploy
spyware and related programs?
a. Does the DEA obtain a search warrant or other judicial
approval prior to
using such programs?
b. Does the DEA use different legal authorities or processes
based on the jurisdiction in which the targeted subject is
located?
5. What internal audit procedures does the DEA use to ensure
that spyware and related programs are used in accordance with
agency policies, procedures, and the law?
a. If they exist, have such internal audit procedures discovered
any violations of DEA policies, procedures, or applicable law
relating to the use of spyware or related programs? Has the DEA
discovered any such violations through other means?
b. If so, please provide the details of each violation, as well
as any remedial or punitive measures taken in response.
Please number your answers according to their corresponding
questions. In addition, please arrange for DEA officials to provide
a briefing to Judiciary Committee staff about these
-
Acting Deputy Attorney General Yates April 27, 2015 Page 3 of 3
issues following the provision of your responses, but in any event
no later than May 18, 2015. If you have any questions about this
request, feel free to contact Patrick Davis of my Committee staff
at (202) 224-5225. Thank you for your attention to this important
matter.
Sincerely,
Charles E. Grassley Chairman Senate Committee on the
Judiciary
