Tech

Postal inspectors’ digital intelligence team sometimes acted outside of legal authorities, report says

USPS's internet analytics team occasionally used open-source intelligence tools beyond postal inspectors' law enforcement authorities, according to a watchdog.

By Joe Warminsky

March 30, 2022

A USPS postal truck in Beverly Hills on February 04, 2022 in Los Angeles, California. (Photo by Alexi Rosenfeld/Getty Images)

An internet intelligence and analytics support team for postal inspectors overstepped its legal authority in some cases, according to the inspector general for the U.S. Postal Service.

The Analytics Team, known until April 2021 as the Internet Covert Operations Program (iCOP), occasionally used open-source intelligence tools beyond the Postal Inspection Service’s legal authorities, and its record-keeping about some of that activity was inadequate, according to the March 25 report by the Office of the Inspector General for the USPS.

As part of their work assisting postal inspectors, the analysts conducted “proactive searches” for publicly available information online that could help root out postal crimes, the report says, but in some cases they used keywords that did not have a “postal nexus” — that is, “an identified connection to the mail, postal crimes, or the security of Postal Service facilities or personnel.”

Postal inspectors told the IG’s office that the keywords — such as “attack” or “destroy” — were meant to provide broad searches that could then be narrowed to a postal nexus. The IG report says the Postal Service’s Office of Counsel should have been more involved in vetting those search terms. Yahoo News first reported on the existence of iCOP in April 2021.

The IG office said it looked at a sampling of cases in early 2021 to reach its conclusions about the keywords. For other areas, it reviewed information available from October 2018 through June 2021. The report says it reviewed 434 instances where postal inspectors asked for analytical support from the team. Most of those — 72 percent — had a postal nexus.

The IG’s office also said postal inspectors should do more to document the process for requests made of the Analytics Team.

Leaders of the Postal Inspection Service said they “strongly disagree” with the specifics of the report, pointing to examples in federal case law that support its use of the Analytics Team and broadly authorize the kinds of activities cited by the IG’s office.

The IG’s office, in turn, noted that postal inspectors have agreed to many of the report’s recommendations for how the inspector-in-charge for analytics and the Inspection Service’s chief counsel can clarify the process for usage of open-source intelligence and bolster the record-keeping for those tasks.

“Therefore, the OIG considers management’s comments generally responsive to the recommendations in the report,” the IG’s office said.

The report lists several contracts that postal inspectors have with providers of open-source intelligence tools, but redacts the names of specific companies. Those activities include:

• Cryptocurrency blockchain analysis.
• Tools for gathering information about internet protocol (IP) addresses.
• Facial recognition tools.
• Monitoring social media for certain keywords.
• Searching social media for information about individuals.

As the IG’s report notes, the Analytics Team is part of the Postal Inspection Service’s Analytics and Cybercrime Program, which “provides investigative, forensic, and analytical support to field divisions and headquarters.”

Postal inspectors are sometimes involved in high-profile cybercrime cases, such as takedowns of dark web markets where customers pay in cryptocurrency for illicit goods that are then shipped through the mail.