Postal Service Surveillance Program Targeted in EPIC Lawsuit ‘Exceeded’ Legal Authority, Inspector General Finds

A controversial U.S. Postal Inspection Service surveillance program targeted in an EPIC lawsuit “exceeded [its] law enforcement authority” by conducting searches of social media unrelated to the security interests of the Postal Service, according to a new report by the USPS Inspector General. The IG found that officials from Internet Covert Operations Program (iCOP) unlawfully used an “open-source intelligence tool” to search for keywords like “protest,” “attack,” and “destroy” while “intentionally omitt[ing] terms that would indicate a postal nexus[.]” The IG determined that as many as 28 percent of the intelligence-gathering requests handled by iCOP may not have been “authorized under the Postal Inspection Service’s legal authority,” including “14 requests for facial recognition services” that contained “very little or no explanation for the request.” The IG also found that Inspection Service employees “did not properly maintain records” associated with iCOP surveillance, storing “significant amounts of PII … such as addresses, birthdates, and social security numbers” on their work computers. The IG report was issued March 25—the same date that a federal court dismissed EPIC’s lawsuit challenging the iCOP program over its failure to conduct privacy impact assessments required by the E-Government Act. EPIC is considering next steps in the case.