Statement for the Record
of
Caroline Fredrickson, Director
Washington Legislative Office
American Civil Liberties Union

The Abuse of National Security Letters

Submitted to the United States House of Representatives
Committee on the Judiciary

On behalf of the American Civil Liberties Union, its more than half a million members and activists, and 53 affiliates nationwide, I thank Chairman Conyers and ranking member Smith for holding today’s hearing on FBI abuse of National Security Letters. 

Over five years ago, in the wake of the terrorist attacks of September 11, 2001 Congress passed the USA Patriot Act,[1] giving the FBI extraordinarily broad powers to secretly pry into the lives of ordinary Americans in the quest to capture foreign terrorists. One of the changes the Patriot Act made was to expand the circumstances in which National Security Letters (NSLs) could be issued so that the information sought with such letters would no longer have to pertain to an agent of a foreign power, and would no longer be limited to the subjects of FBI investigations.[2]  An NSL is a letter that can be issued by Special Agents in Charge (SAC) of the FBI’s 56 field offices¾ without any judicial review¾ to seek records such as telephone and e-mail information,[3] financial information, and consumer credit information. 

The four NSL authorizing statutes include the Electronic Communications Privacy Act,[4] the Right to Financial Privacy Act,[5] the Fair Credit Reporting Act,[6] and the National Security Act of 1947.[7]  Subsequent legislation expanded the types of institutions from which records could be sought using NSLs.  The Intelligence Authorization Act for Fiscal Year 1996,[8] amended the FCRA to give the FBI authority to obtain credit header information with NSLs, and a provision of the Patriot Act, expanded this power to allow the FBI and other government agencies that investigate terrorism to obtain full credit reports.[9]  The Patriot Act also reduced the standard necessary to obtain information with NSLs, requiring only that an SAC certify that the records sought are “relevant” to an authorized counterterrorism or counter-intelligence investigation. 

The ACLU opposed these unwarranted expansions of NSL power, and opposed making provisions of that statute permanent with the Patriot Reauthorization Act of 2005,[10] fearing these unnecessary and unchecked powers could be too easily abused.  When Congress reauthorized the Patriot Act, it directed the Department of Justice Inspector General (IG) to review the effectiveness and use of these expanded authorities and one of the first of these reports, a review of the FBI’s use of NSLs, was released on March 9, 2007.[11] 

The IG’s audit confirms our worst fears: that the FBI uses its NSL authorities to systematically collect private information about people who are not reasonably suspected of being involved in terrorism, and it retains this information indefinitely.  The FBI ignored the scant requirements of the law and developed shortcuts to illegally gather information the FBI wanted from telecommunications companies and financial institutions.  It did this without opening the investigations for which, by law, this information must be sought or be relevant to, and often without ever bothering to secure the NSLs or grand jury subpoenas it told these telecoms and financial institutions it would secure to support its claim of access to sensitive customer information.[12]  This should be of great concern to all Americans, because the IG found the FBI is increasingly using this power against U.S. persons.[13]  And despite the issuance of more than 140,000 NSL requests, the IG report documents only one terrorism conviction – for providing “material support” for terrorism -- and only 153 “criminal proceedings” resulting from the extensive use of this power.[14]  “Criminal proceedings” is defined as all federal grand jury proceedings, as well as search warrants, indictments and trials.[15]

For over five years the Federal Bureau of Investigation has collected vast troves of data in secret and without accountability. I hope this hearing is only one of many to reestablish checks and balances on the executive branch and curb its many abuses of power. The ACLU asks this committee to hold the FBI and this administration accountable for these abuses and to make statutory changes that will ensure that they cannot happen again. 

The Inspector General’s Findings

Despite statements to the contrary, the Inspector General found much more than just sloppy management and poor record keeping. The Inspector General’s report documents systematic failures to meet statutory requirements, and at times, intentional refusals to comply with the law. 

CAU staff, who were not authorized to sign NSLs, used “exigent” letters containing obviously false statements to obtain documents from the telephone companies when no authorizing investigation was open, when no NSLs or subpoenas had been requested, and when no emergency situation existed.[20]  They then asked FBI field offices to open investigations so NSLs could be issued without telling the field office personnel that CAU staff had already received the records,[21] a clear indication that they knew what they were doing was improper.  FBI National Security Law Branch (NSLB) attorneys were made aware of this issue in late 2004, possibly through complaints from field agents who resisted CAU’s directives, and an NSLB Assistant General Counsel concluded that the practice of using “exigent” letters did not comply with the NSL statute.  Yet, rather than prohibiting the practice outright, the NSLB attorney counseled CAU for two years regarding how and when CAU officials should use them.  Regardless of this advice, CAU continued using these “exigent” letters, and the practice wasn’t “banned” until the IG issued its report.[22]  Even today the FBI is unable to determine whether data requested with “exigent” letters was ever covered with properly issued NSLs or subpoenas.[23]

And the issuance of “exigent” letters was only one of the illegal methods the FBI used to circumvent the NSL statutes.  Using a similar scheme, the Terrorist Financing Operations Unit issued “Certificate Letters” to obtain the financial records of at least 244 named individuals in violation of the Right to Financial Privacy Act.[24]  Again, agents without authority to issue NSLs used these letters to circumvent the law and gain access to private financial records, and then lied about it when confronted by NSLB attorneys.  When the NSLB attorneys realized they had been misled they ordered the practice halted, but it did not stop.[25]  This sequence reveals what can only be described as clearly intentional misconduct.

In other instances NSLB attorneys actually signed NSLs without reference to any authorized investigation, and more than 300 NSLs were issued out of an FBI control file that was opened specifically because there was not an authorized investigation from which to issue an NSL for the data the FBI wanted.[26] 

Increasing Collection of Data on U.S. persons  

When Congress expanded the FBI’s authority to use NSLs, it required FBI officials to certify that the information sought with these letters is relevant to an authorized investigation.  By instituting this requirement, Congress clearly intended for NSLs to be a targeted investigative power, rather than a broad power that could be used to cast a wide net. But, the IG report makes clear this is not how the FBI is using its NSL authorities.  In one example, nine NSLs were used to obtain records for 11,000 different telephone numbers.  And, agents and analysts often didn’t even review the data they received from NSLs.  They simply uploaded it into computers.[27]  The IG found information received from NSLs is uploaded into three separate FBI databases, where it is retained indefinitely and retrievable by tens of thousands of FBI and non-FBI personnel,[28] even if the information exonerates the subject from any involvement in terrorism.[29]  Despite this extraordinary collection effort, the IG was able to document only one terrorism conviction resulting from the use of NSLs.[30] Clearly NSLs are not being used as targeted investigative tools.

The IG also expressed concern that the FBI allows agents to use NSLs to access information about individuals who are  “two or three steps removed from their subjects without determining if these contacts reveal suspicious connections.”[31]   The fact that NSLs are being issued from control files and “exigent” letters are being used by analytic units at FBI Headquarters suggests that this tool is not being used in the manner Congress intended.  Despite the FBI’s claims that NSLs are directed at suspected terrorists, the Inspector General found that the proportion of NSLs issued to obtain information on Americans is increasing.  In fact, the majority of NSLs the FBI issued in 2005 were used to obtain information about U.S. persons (American citizens and lawful permanent residents of the U.S.).[32]  

Datamining 

Neither the NSL statutes nor Department of Justice policy require the FBI to purge from its databases sensitive personal information about persons who are found to be innocent and not tied to foreign powers.[33]  The Inspector General confirmed that the FBI has taken advantage of this loophole and uploads all information – admittedly innocent or not – into national databases that are indefinitely maintained.  The data received from NSLs is uploaded into a “Telephone Application Database” where a link analysis is conducted, and into an Investigative Data Warehouse where it is mixed with 560 million records from 50 different government databases.[34]  Tens of thousands of law enforcement and intelligence personnel have access to the information, which is not given a disposition, leaving innocent people associated with a terrorism investigation long after their information becomes irrelevant.  Intelligence products developed from this data do not cite the origin,[35] so errors in the information can never be checked against the source documents.  Instead, errors will be compounded when intelligence products derived from this erroneous information are distributed throughout the intelligence community and to state and local law enforcement agencies.

Erroneous Reports to Congress and the Intelligence Oversight Board   

The Inspector General found that statutorily required reports to Congress excluded at least six percent of the overall number of NSLs.[36]  The number of unreported NSLs may be higher, but record keeping is so bad at the FBI, the Inspector General was unable to even confirm a final number.  A review of just 77 cases from four FBI field offices found 22 percent more NSLs in case files than the FBI General Counsel knew about.  More significantly, the IG found 60% of those files deficient in required paperwork, and his review doubled the number of unlawful violations that needed to be reported to the President’s Intelligence Oversight Board.[37]                                 

Proposed Amendments

Regrettably, the Inspector General’s report only included suggestions for internal changes within the FBI’s discretion, and did not include recommendations for amending the underlying statute that is the source of these abuses.  It is clear that the violations the Inspector General uncovered were the natural consequence of a statute that allows government agents to access sensitive information without suspicion of wrongdoing, in the absence of court oversight, and with complete secrecy compelled by a gag order with criminal consequences.  In fact, even if management and technology problems identified in the IG’s report are solved, hundreds of thousands of NSLs will continue to collect information on innocent Americans because that is exactly what the statute allows. 

The ACLU recommends three statutory changes that are absolutely necessary to ensure that the law protects privacy while permitting the collection of information necessary to investigate terrorism. 

Limit NSLs to Suspected Terrorists and Other Agents of Foreign Powers 

First, Congress must repeal the expansion of the NSL power that allows the FBI to demand information about totally innocent people who are not the targets of any investigation.  The standard should return to the requirement that NSLs seek only records that pertain to terrorism suspects and other agents of foreign powers.[38]  And the FBI should not be allowed to use NSLs to investigate people two or three steps removed from any criminal or terrorist activity.

Under current law, the FBI can use an NSL to obtain information that the FBI asserts is “relevant” to an investigation.  The FBI has clearly taken advantage of this “relevance” standard and issued NSLs to obtain information on innocent American people with no connection to terrorism.  In fact, it obtained this information without even opening an investigation to which the information must be relevant.  NSLs are now issued to collect records just for the sake of building databases that can be mined later.  In addition to being wholly ineffective as an investigative technique, this data collection and warehousing is an affront to the privacy of U.S. persons. 

Restrict the Gag Provisions and allow for Meaningful Challenges

The gag provisions of the NSL statutes unconstitutionally inhibit individuals receiving potentially abusive NSLs from challenging them in court.  Congress should amend the NSL statute so that gag orders are imposed only upon the authority of a court, and only where necessary to protect national security.  Judicially imposed gag orders should be limited in scope and duration.

Further, gags must come with a meaningful right to challenge them before a neutral arbiter.  Last year’s amendments created a sham court proceeding, whereby a judge is powerless to modify or overturn a gag if the federal government simply certifies that national security is at risk, and may not even conduct any review for a full year after the NSL is issued.  Under the NSL statute, the federal government’s certification must be treated as “conclusive,” rendering the ability to go before a judge meaningless. To comport with the First Amendment, a recipient must be able to go before a judge to seek meaningful redress. 

Court Review 

If there is one undeniable conclusion that Congress can draw from the Inspector General’s report, it is that the FBI cannot be left to police itself.  Allowing the FBI to keep self-certifying that it has met the statutory requirements invites further abuse and overuse of NSLs.  Contemporaneous and independent oversight of the issuance of NSLs is needed to ensure that they are no longer issued at the drop of a hat to collect information about innocent U.S. persons.  Court review will provide those checks and balances as was intended by the Constitution.

Conclusion

The Inspector General reviewed just a tiny proportion of NSLs issued by the FBI from 2003 through 2005, yet he found an extraordinary level of mismanagement, incompetence, and willful misconduct that clearly demonstrates that the unchecked NSL authorities given to the FBI in the Patriot Act must be repealed.  The FBI and Department of Justice have shown that they cannot police themselves and need independent oversight.  The American Civil Liberties Union applauds the Committee for holding this hearing and opening a window on these abuses, but there is more work to be done.  Congress must fully investigate the FBI’s abuse of power to insure that those responsible for these violations are held accountable, and the innocent people who have had their privacy invaded and their civil rights abused need to be identified and notified, and records that have been improperly or inappropriately seized should be purged from FBI databases.   But most importantly, Congress needs to fix the Patriot Act, which has set the stage for all of these problems.

[1] Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Pub. Law No 107-56, 115 Stat. 272 (2001)[Hereinafter Patriot Act].
[2] Id., section 505.
[3] Telephone and e-mail information that can be obtained with NSLs includes historical information on calls made to and from a particular number, billing records, electronic communication transactional records and billing records (including method of payment), and subscriber information.
[4] 18 U.S.C. section 2709 (1988).
[5] 12 U.S.C. section 3401 (2000).
[6] 15 U.S.C. section 1681 et seq. (1996).
[7] 50 U.S.C. section 436(a)(1)(2000).
[8] Pub. Law No. 104-93, section 601(a), 109 Stat. 961, codified at 15 U.S.C. section 1681u (Supp.V. 1999).
[9] Patriot Act section 358(g)(2001).
[10] USA PATRIOT Improvement and Reauthorization Act of 2005, Pub. Law No. 109-177, 120 Stat. 192 (2006).
[11] Office of the Inspector General, A Review of the Federal Bureau of Investigation’s Use of National Security Letters, March 2007, http://www.usdoj.gov/oig/reports/FBI/index.htm (Hereinafter IG Report).
[12] IG Report at 94.
[13] IG Report at 38.
[14] IG Report at 63, 64. (s
[15] IG Report, footnote 103, p. 62.
[16] IG Report at 88.
[17] IG Report at 92.
[18] IG Report at 90.
[19] IG Report at 97.
[20] IG Report at 92.
[21] Id.
[22] FBI letter to Inspector General Glen Fine dated March 6, 2007 included in the appendix of the IG Report.
[23] IG Report p. 91.
[24] 12 U.S.C. section 3401 (2000). See IG Report at 115.
[25] IG Report at 117.
[26] IG Report at 100.
[27] IG Report at 85.
[28] IG Report at 28, 30, and 110.
[29] IG Report at 44.
[30] IG Report at 64.
[31] IG Report at 109.
[32] IG Report at 38.
[33] IG Report at 110.
[34] IG Report at 28, 30.
[35] IG Report at 54.
[36] IG Report at 34.
[37] IG Report at 78.
[38] Agent of a foreign power is defined in the Foreign Intelligence Surveillance Act of 1978, 50 U.S.C. section 1801 (1978).