You are on page 1of 3

April 27, 2015

VIA ELECTRONIC TRANSMISSION


The Honorable Sally Quillian Yates
Acting Deputy Attorney General
U.S. Department of Justice
950 Pennsylvania Avenue, NW
Washington, DC 20530
Dear Acting Deputy Attorney General Yates:
Recent media reports have stated that the Drug Enforcement Agency (DEA) spent
millions of taxpayer dollars to purchase a spyware program from an Italian hacking company in
2012.1 According to the reports, the spyware, known as Remote Control System (RCS), can
surreptitiously turn on a users webcam and microphone, collect passwords, and is capable of
intercepting phone calls, texts, and social media messages. Obviously, the use of such
capabilities can raise serious privacy concerns.
The Judiciary Committee needs a more detailed understanding of the DEAs use of
spyware programs such as RCS, including details regarding the agencys policies and procedures
for using these programs, the legal authorities pursuant to which the DEA deploys them, and the
audit procedures used to ensure they are used in compliance with both DEA policies and
procedures, as well as the law.
Accordingly, please provide written responses to these questions by May 11, 2015:
1. Which spyware and related programs has the DEA used in the field since 2012?

Lorenzo Franceschi-Bicchierai, The DEA Has Secretly Been Buying Hacking Tools From An Italian Company,
MOTHERBOARD, April 15, 2015, available at: http://motherboard.vice.com/read/the-dea-has-been-secretly-buyinghacking-tools-from-an-italian-company; Timothy J. Seppala, The DEAs Using Powerful Spyware For Surveillance
Too, ENDGAGET, April 16, 2015, available at: http://www.engadget.com/2015/04/16/dea-spyware/.

Acting Deputy Attorney General Yates


April 27, 2015
Page 2 of 3

a. What are each programs capabilities?


b. How much has the DEA spent on each program?
c. How many times has the DEA used each of programs in the field, and in
what capacity?
2. What are the internal DEA policies and procedures related to requesting,
approving, deploying, and terminating the use of spyware and related programs?
3. For how long does the DEA retain any data obtained through spyware?
a. Who has access to the data while it is in DEAs possession?
b. How, if at all, is the data destroyed?
4. Pursuant to what legal authorities does the DEA deploy spyware and related
programs?
a. Does the DEA obtain a search warrant or other judicial approval prior to
using such programs?
b. Does the DEA use different legal authorities or processes based on the
jurisdiction in which the targeted subject is located?
5. What internal audit procedures does the DEA use to ensure that spyware and
related programs are used in accordance with agency policies, procedures, and the
law?
a. If they exist, have such internal audit procedures discovered any violations
of DEA policies, procedures, or applicable law relating to the use of
spyware or related programs? Has the DEA discovered any such
violations through other means?
b. If so, please provide the details of each violation, as well as any remedial
or punitive measures taken in response.
Please number your answers according to their corresponding questions. In addition,
please arrange for DEA officials to provide a briefing to Judiciary Committee staff about these

Acting Deputy Attorney General Yates


April 27, 2015
Page 3 of 3

issues following the provision of your responses, but in any event no later than May 18, 2015. If
you have any questions about this request, feel free to contact Patrick Davis of my Committee
staff at (202) 224-5225. Thank you for your attention to this important matter.

Sincerely,

Charles E. Grassley
Chairman
Senate Committee on the Judiciary