Postal inspectors’ covert surveillance program conducted unauthorized searches and exceeded its law enforcement authority, according to a new audit from the United States Postal Service’s watchdog.
The USPS Inspector General found more than a quarter of analysts’ work on a covert program over two-plus years may not have had legal authorization.
The inspector general dug into the postal inspectors’ Internet Covert Operations Program (iCOP) at the request of the House Oversight and Reform Committee, which urged the watchdog last year to review accusations that the postal service surveilled Americans’ social media accounts through iCOP.
“We determined that certain proactive searches iCOP conducted using an open-source intelligence tool from February to April 2021 exceeded the Postal Inspection Service’s law enforcement authority,” said the audit dated March 25.
“Furthermore, we could not corroborate whether other work analysts completed from October 2018 through June 2021 was legally authorized,” the auditors wrote.
In particular, the inspector general audit said it “could not corroborate whether 28 percent of the work” conducted by analysts from October 2018 through June 2021 had legal authorization.
The iCOP work was renamed the Analytics Team in April 2021, amid mounting scrutiny from lawmakers and privacy advocates. Analysts working on covert surveillance conducted unauthorized searches using an intelligence tool, the identity of which is redacted in the inspector general audit.
“From February 19 to April 21, 2021, iCOP used one of the 10 profiles established in the [redacted] intelligence tool to conduct searches that were not legally authorized,” the audit said. “This tool manages proactive intelligence gathering by constantly monitoring open-source websites, including social media and message platforms, for predefined sets of keywords.”
Analysts’ work needs a postal component to get authorization, but the audit found the keywords used by one of the profiles did not mention the mail, postal crimes, or postal facilities and personnel. Instead, keywords included terms such as “protest,” “attack,” and “destroy.”
The inspector general audit said the problems happened because the postal inspectors’ management did not involve its legal team in developing its covert surveillance program and procedures.
The management disagreed that its analysts’ searches were not legally authorized.
“Management did not agree that certain proactive intelligence searches that iCOP conducted exceeded the Postal Inspection Service’s law enforcement authority,” the audit said. “Specifically, while they agreed that Postal Inspection Service activities need a postal nexus, they did not agree that the agency is required to limit searches to terms that have a postal nexus. Instead, they stated the focus should be on whether the purpose of the search itself has a postal nexus.”
The United States Postal Inspection Service did not comment last week regarding the audit and its findings.
The inspection service said it was working on a response to the audit.
Accusations that postal inspectors snooped on Americans’ social media accounts emerged last year following Yahoo! News’ publication of a bulletin revealing iCOP analysts examining “right-wing Parler and Telegram accounts” ahead of planned protests.
The bulletin also indicated iCOP analysts utilized Facebook and Twitter.
The inspector general’s audit said more than 15 iCOP reports produced from September 2020 to April 2021 focused on protest activities and had no postal nexus.
Fewer than five iCOP reports were categorized as “election-related” and at least one election-related report had no postal nexus.
The audit said postal inspectors’ management agreed to conduct a full review of the Analytics Team’s responsibilities, actions, and procedures to develop a process to ensure its work is authorized and intends to implement those changes by Sept. 30.
The management also agreed to run its keywords used in searches by its legal team and update its standard operating procedures accordingly by April 29, according to the audit.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.