More on Mail Cover

I've previously written about mail cover -- the practice of recording the data on mail envelopes. Sai has been covering the issue in more detail, and recently received an unredacted copy of a 2014 audit report. The New York Times has an article on it:

In addition to raising privacy concerns, the audit questioned the Postal Service's efficiency and accuracy in handling mail cover requests. Many requests were processed late, the audit said, which delayed surveillance, and computer errors caused the same tracking number to be assigned to different requests.


The inspector general also found that the Postal Inspection Service did not have "sufficient controls" in place to ensure that its employees followed the agency's policies in handling the national security mail covers.

According to the audit, about 10 percent of requests did not include the dates for the period covered by surveillance. Without the dates in the files, auditors were unable to determine if the Postal Service had followed procedures for allowing law enforcement agencies to monitor mail for a specific period of time.

Additionally, 15 percent of the inspectors who handled the mail covers did not have the proper nondisclosure agreements on file for handling classified materials, records that must be maintained for 50 years. The agreements would prohibit the postal workers from discussing classified information.

And the inspector general found that in about 32 percent of cases, postal inspectors did not include, as required, the date on which they visited facilities where mail covers were being processed. In another 32 percent of cases, law enforcement agencies did not return documents to the Postal Inspection Service's Office of Counsel, which handles the national security mail covers, within the prescribed 60 days after a case was closed.

Posted on August 18, 2015 at 6:48 AM • 16 Comments


WinterAugust 18, 2015 6:54 AM

This does sound a lot like "We really do not care". Neither about procedures, nor about privacy.

The underlying reason might be that they do not see the usefulness of this service.

Clive RobinsonAugust 18, 2015 7:09 AM

@ Winter,

Yes, I don't think that at the sharp end the staff see it as anything but a hindering exception to what is already a difficult and mainly thankless task.

I suspect there is a "not my pay grade" attitude, which perversely means that the job gets passed to those least likely to care, which would in some cases include tempory staff.

It's the sort of thing you expect when pay and moral are low and "head office" is seen as staffed by "little green men" who issue edicts but have no knowledge of the process nor take the responsibility for the side effects of such edicts.

SmirkAugust 18, 2015 10:01 AM

Is using russian services a solution?
Will it give a higher amount of privacy as long you dont use it for anything classified? Because i (correct me if i am wrong) have the idea that russian services dont have the same amount of breaches (maybe because of the "dont target russian citizens and companies and you will be safe" rule for hackers over there) and are probably less willing to comply to nsa requests and also more cautious about penetration from the nsa et al? Also i think that they dont care much about journalist or persons as long as they dont have sensitive information or critical about russia itself.

Please correct me if i am wrong

albertAugust 18, 2015 11:08 AM

I'm surprised it took this long. There must have been an upsurge in volume after 911. The unwritten story must be pissing and moaning from LE, that ultimately caused the audit to be issued.
I started to dig into this, then I realized what a waste of time it is to attempt to divine the inner workings of a massive bureaucracy. To what end? The whole thing is as useless as tits on a boar hog.
Exercise your shift keys a little more. 'I', 'NSA' and 'Russian' would be start. Mark your contractions as in: don't. And don't worry, you will be corrected:)
. .. . .. o

GregWAugust 18, 2015 11:26 AM

Sai mentioned different programs for mail cover vs. mail imaging vs. mail ICT (interdiction control and tracking- for hazardous materials).

Where does the NSA interdiction fit into those buckets, or is that a fourth undisclosed program? Or is it a covert op feeding off one of the three?

ScaredAugust 18, 2015 11:28 AM

I bet watching the USPS in action would be like visiting Terry Gilliam's Ministry of Information Retrieval. Except for the snappy suits (*). And the cool Fresnel lens typewriters.

(*) The TSA got that one right with their uniforms.

SmirkAugust 18, 2015 11:57 AM


Yeah my bad, also not using the shift key for the nsa is intentional. English is not my first language and i will continue to make mistakes as that is part of learning. I look forward to the corrections of my statement.

Alien JerkyAugust 18, 2015 12:22 PM

Ok, I am a bit off topic with this. But yet another reason Microsoft is evil.

An Ars Technica article today titled:

Wi-Fi Sense in Windows 10: Yes, it shares your passkeys; no, you shouldn’t be scared

Windows 10 comes with a neat new feature called Wi-Fi Sense, which lets your PC automatically connect to Wi-Fi networks that your friends and acquaintances have previously connected to, even if you don't know the network password.
The version of Wi-Fi Sense in Windows 10 works in much the same way as the smartphone version: it automatically connects to any Wi-Fi hotspots that have been "crowdsourced" by your friends and acquaintances. If they have joined the network in the past, your PC will automatically join the same networks, without prompting you for a password.

Hmm... I do not see any possible issues with that.

BoppingAroundAugust 18, 2015 4:14 PM

That applies only to Russian hackers (and to what extent is an enigma for me). You will still be open to attacks from hackers of the remaining ~200 states.

I also wouldn't put too much faith onto security services' reluctance to collaborate.

Alien Jerky,

SmirkAugust 18, 2015 4:41 PM


I see your point, but aren't American or EU companies/services overall a more interesting target?

SoWhatDidYouExpectAugust 18, 2015 5:25 PM

Big guvmint & big data collection...

Mostly, in big guvmint, data is handled poorly. It starts out mismanaged, eventually gets lost or is made unusable by technology advances (they don't spend money to convert data forward; follow the data trail at the IRS).

My suspicion is that 99% or more of this data won't see the light of day for any useful purpose, including the crap collected by the spook agencies. Oh, that doesn't mean they can't target someone and/or some group and do a lot of damage (or even prevent some damage), but such cases are almost inconsequential in the overall game. Some of the data collected is so obscure that it probably can't even be trended.

Does anybody notice all this data collection making any difference? Yeah, that's what I thought...

65535August 18, 2015 8:12 PM

@ GregW

“Sai mentioned different programs for mail cover vs. mail imaging vs. mail ICT (interdiction control and tracking- for hazardous materials). Where does the NSA interdiction fit into those buckets, or is that a fourth undisclosed program? Or is it a covert op feeding off one of the three?” –GregW

Good questions.

This article and USP inspectors report raise more questions. I am late to this thread I will just add my observations:

1] This 'Inspectors report' doesn’t cover large private package services like UPS or Fedex which I would guess have the same mail imaging capabilities and work with the US government. My guess is from released slides showing some NSA facility implanting bugs in Cisco routers [or similar electronic devices]. The NSA must have gotten notice of the item being shipped before interdiction – unless all mail and packages are subject to NSA interdiction. Hence, some “pre- nterdiction” tip must have come from somewhere.

2] Mail sorting and imaging is probably the starting point. I am under the assumption that the United States Postal Service [or USPS] uses imaging and/or character recognition to route most mail. Mail that cannot be read by imaging/OCR/or bar code readers is then collected and given to a real person to properly read and route. Both probably lead to some type of recording process such as imaging and the like. The USPS knows the total number of mail item sent each year thus records are needed. The image/OCR/barcode reader must have a backend database to route the mail items [and is probably accessible by the NSA].

3] It is not clear what the scope of the “inspector’s audit” covered. Page 4 of the pdf report states several different numbers. ‘49,000 Mail covers’, ‘928 mail covers in the active status after the cover period ended’, Note 2 pdf page 7 ‘official requested 41,760 and 6,391 criminal mail covers’, ‘1000 special mail covers (SMC) were processed by the Postal inspection Service Headquarters. We did not analyze about 34,000 system-generated approved requests that did not require CISC review’, page 8 of the pdf, ‘We reviewed a statistical sample of 196 of 6,391 external law enforcement mail cover requests [which I assume are only the criminal part and not the entire subset – ed]’, page 8 pdf note 5, ‘The sample did not include internally generated criminal mail covers initiated by postal inspectors’, so there are various ‘mail cover’ sets which were not audited.

4] There seems to be an undisclosed number of Log Sites as mentioned on page 10 of the pdf, ‘For example, at the Logan Station in Philadelphis, PA, officials could not locate the original mail cover resquest…’. Which leads to the question of exactly how my of these log sites exist. Do all mail stations image and potentially log mail?

5] Note 12 of page 10 of pdf indicates, ‘Handbook AS-303, Classified National Security information Program’, which clearly indicates the NSA is involved in the recording of mail to an unknown extent.

6] Apendenix D: Mail Cover Process, last box says, ‘Closed files are stored at the Federal Records Center for 8 years and then destroyed’. So, what happens to an opened ended investigation?

7] Also, Apendix D above doesn’t clearly indicate where the first recording or imaging of mail starts for all mail imaging programs. I understand it deals only with the LEA subset of criminal mail cover requests. What are the true number of mail cover recordings of both the USPS and of private packager services like UPS and Fedex?

See pdf for citations:

albertAugust 20, 2015 8:59 AM

Thanks for exposing the stuff I didn't want to deal with. I'm not sure the truth can be extracted from this mess.
. .. . .. o

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient, an IBM Company.