March 9, 2007
FOR IMMEDIATE RELEASE
NEW YORK - On March 9, 2007, as mandated by law, the Department of Justice’s
Office of Inspector General (OIG) issued a report on the FBI’s use of National
Security Letters (NSLs). The FBI used these NSLs to obtain phone and
financial records without a court order. The OIG report is available
The Department of Justice Office of the Inspector General (IG) looked at only
a tiny sample of the hundreds of thousands of NSLs issued. This means the
abuses the IG found are only the tip of the iceberg. That the IG found so
many violations and abuses with such a small sample means there are major
systemic problems with the FBI’s use of NSLs.
Below is the American Civil Liberties Union’s analysis of the IG’s findings
and our specific recommendations. Page numbers in Roman numerals refer to the
- OIG interviewed “over 100 FBI employees” at “FBI Headquarters
and at the Department” as well as “over 50 FBI employees” at field offices in
New York, Chicago, Philadelphia and San Francisco. (p. ix)
- At the field
offices, OIG teams examined sample of 77 counterterrorism and
counterintelligence investigative cases files and 293 NSLs to determine if the
letters complied with statutes, Attorney General (AG) guidelines and FBI
internal policy. (p. ix)
- The appendix to report includes comments by the AG,
the Director of National Intelligence and the FBI. (p. x)
- Section 505 of the Patriot Act expanded approval
authority to “Special Agents in Charge” of field offices to sign NSLs.
Previously authority held by a group of senior FBI officials at headquarters.
- The Patriot Act must be amended so that NSLs require
the approval of senior level FBI officials. The fact that lower level
agents can authorize NSLs leads to overuse and abuse of NSLs.
- During the time period
covered by the IG’s review the “FBI had no policy or directive requiring the
retention of signed copies of national security letters or any requirement to
upload” NSLs into various FBI case management systems. (p. xiv-xv)
IG found that the FBI has “no uniform system for tracking responses to national
security letters, either manually or electronically.” (p. xv)
- The data
retention systems are not uniform.
- The FBI keeps NSL-derived information in
various databases – including databases that are accessed by nearly 12,000
users, including members of Joint Terrorism Task Forces (JTTFs). (p. xv)
FBI is sharing information derived from NSL with other intelligence agencies.
- The FBI is using NSLs to establish evidence to support wiretap,
electronic surveillance and physical search warrants. (p. xxii-xxiv)
- The FBI
disseminated information derived from NSLs to a variety of federal, state, and
local law enforcement agencies, including the National Security Agency (NSA),
the CIA, and JTTFs. (p. xxvi)
- The FBI is even sharing information derived
from NSLs with foreign governments. (p. xxii-xxiii)
- FBI policies do
not require the purging of information derived fro NSLs in FBI databases,
regardless of the outcome of the investigation. (p. xlii)
- The FBI must immediately purge these databases.
The abuses of the NSL power led to the widespread dissemination of personal
information about innocent Americans. Because of NSL abuses, FBI and other
federal, state and local government databases are filled with information about
- The FBI must keep accurate records. The FBI’s
use of NSLs has been overbroad and sloppy. The public is supposed to
believe that NSLs are a critical tool in keeping us safe, but the FBI cannot
even be bothered to keep accurate records about the NSLs it issues or the
information received through NSLs.
- The FBI must clean up its act.
Sloppiness leads to mistakes and abuses. Mistakes in the NSL process
ripple out in a myriad of ways because information gleaned through NSLs is
disseminated to everyone from intelligence agencies like the CIA and NSA, to
local and state police who participate in JTTFS. That information is used,
among other things, to obtain wiretap applications, in deportation proceedings,
and in criminal court.
- The IG found that the number of NSL requests reported
to Congress in 2003, 2004, and 2005, were “significantly understated.” (p.
- After the Patriot Act, the number of NSL requests increased from 8,500
in 2000 to approximately 39,000 in 2003, approximately 56,000 in 2004, and
approximately 47,000 in 2005. (p. xvi)
- These numbers actually significantly
underrepresented the number of NSL requests because of “incomplete or inaccurate
information” in the relevant database; because the “FBI did not consistently
enter” NSL information into the appropriate database in a timely manner; and
because of incorrect data entries. (p. xvi-xvii)
► The IG found approximately 17 percent more NSLs in the case files than were
recorded in the database. (p. xvi)
► The IG found 22 percent more NSL
requests in the case files than were recorded in the database. (p.
IG estimates that about 6 percent of NSL requests issued by the FBI from
2003-2005 were missing from the database. (p. xvii)
- Congress should amend the NSL statute so that gag orders are imposed only
upon the authority of a court, and only where necessary to protect national
security. Judicially imposed gag orders should be limited in scope and
Number, Content, and Targets of Requests
- The IG found that from 2003 to
2005, the FBI issued a total of 143,074 NSL requests. (p. xviii)
number of NSL requests is different from the number of NSL letters because one
“letter” may include more than one request. (p. xix)
- The “overwhelming
majority” of these NSL requests sought the most sensitive information –
telephone toll billing records, telephone and email subscriber information, or
electronic communication transactional records. (p. xviii)
- The percentage of
NSL requests generated from investigations of U.S. citizens and legal permanent
residents increased from about 39 percent of all NSL requests in 2003 to about 53
percent of all NSL requests in 2005. (p. xx)
- Congress must investigate this broad expansion on the
use of NSLs. The FBI is issuing many more NSLs than anyone ever
imagined. Effective and meaningful oversight is necessary.
NSLs as Fishing Expedition
- The IG reported that the FBI’s analysis of
personal information gleaned through NSLs is used to assist in the
identification the NSL subject’s family members, associates, living arrangements
and contacts. (p. xxiv)
- The FBI uses this information about family and
association to “generate new leads.” (p. xxiv)
- NSLs require only a threshold
showing of “relevance to an authorized investigation.” As a result, the
FBI uses NSLs to obtain personal information “two or three steps removed” from
the target of any investigation. (p. xlii)
- The FBI maintains no
information on whether the target of the NSL is the subject of an underlying
investigation or another individual. (p. xliv)
- Congress must repeal the expansion of the NSL power that
allows the FBI to demand information about totally innocent people who are not
the targets of any investigation. The standard should return to the requirement that NSLs seek only records that
pertains to terrorism suspects and other agents of foreign powers.
FBI should not be using NSLs to investigate people two or three steps removed
from any criminal or terrorist activity.
Violations and Misuse of the NSL Power
- The IG found several instances of
improper or illegal use of NSLs. (p. xxviii)
- The FBI issued NSLs even
where no underlying investigation had been approved; obtained personal
information from companies without even issuing NSLs; obtained more information
from recipients than was requested; and obtained information about telephone
numbers that did not belong to the target of the NSLs. (p. xxix)
NSL recipients provided prohibited content information, including voice
messages, e-mail, and images. (p. xxx)
- In one example, the FBI issued
an NSL to a North Carolina university that sought several categories of records,
including applications for admission, housing information, emergency contacts
and campus health records. (p. xxxii)
- Congress must investigate to uncover all of the abuses
and to hold the perpetrators accountable. The IG found many serious abuses
in a small sampling of NSLs.
- Congress, not the FBI, must
investigate. The FBI cannot be relied upon to police itself.
NSL power as expanded by the Patriot Act must be repealed. It should come
as no surprise that the secrecy surrounding NSLs has led to rampant abuses that
have compromised the privacy rights of Americans.
Lack of Internal and Statutory Guidance
- The IG found violations of
internal regulations in three categories: 1) improper authorization for
NSLs; 2) improper requests under the NSL statutes; and 3) unauthorized
collections. (p. xxxi)
- FBI agents were confused about the authorities
available under the various NSL statutes. The FBI did not issue
comprehensive guidance about NSL-related infractions until November 2006, more
than 5 years after the Patriot Act was enacted. (p. xxxiii-xxxiv)
lack of any definition of “toll billing records information” has confused both
FBI agents and the recipients of NSLs about the scope of NSL demands for
information. (p. xliii)
- The FBI must provide better training for its agents
to ensure they comply with the law. Once again the FBI’s failure to train its
personnel resulted in serious civil liberties abuses by FBI agents.
should amend the NSL statute to define the phrase “toll billing records
- The FBI relied on “exigent letters” that were totally
unauthorized by law to demand telephone toll billing records and subscriber
information. (p. xxxv)
- The FBI entered into contracts with three
telephone companies to obtain information outside of the NSL process through
“exigent letters.” Over 700 exigent letters were issues to the three
companies between March 2003 and December 2005. (p. xxxv)
- There were
sometimes no open investigations tied to the “exigent letter” requests.
- The exigent letters stated that, “subpoenas requesting this
information have been submitted to the U.S. Attorney’s Office who will process
and serve them formally as expeditiously as possible.” (p. xxxvi)
- In fact, in a sample the IG reviewed, it could not confirm “one instance in
which a subpoena had been submitted to any United States Attorney’s Office
before the exigent letter was sent to the telephone companies.” (p.
- Congress must clarify this power and stop the FBI
from using this loophole. The FBI deliberately demanded personal
information using “exigent letters” which are totally unauthorized by law, and
lied about whether the demands were related to actual investigations or
supported by pending requests for subpoenas. These actions contradict the
IG’s conclusion that the NSL abuses involved no “intentional” violates of
- The FBI must immediately notify the subjects of the “exigent letters”
about the unauthorized invasion of their privacy rights.
- The FBI must name
the phone companies who entered into contracts to provide personal information
not authorized by statute.