ACLU Roadmap of Justice Department Inspector General’s Review of the FBI’s Use of National Security Letters

Document Date: March 19, 2007

    TO: Interested Persons

    FROM: Michael German, Policy Counsel, ACLU Washington
    Legislavitive Office, former Special Agent, FBI

    RE: Roadmap of Justice Department Inspector General’s
    Review of the FBI’s Use of National Security Letters

    DATE: Monday, March 19, 2007


    The American Civil Liberties Union has long had serious concerns about the FBI’s authority to use National Security Letters (NSLs). The Department of Justice’s Office of Inspector General (OIG)’s recently released audit of NSLs confirmed that the Patriot Act gave the Justice Department and the FBI too much power. The original Patriot Act, passed in 2001, relaxed restrictions on the FBI’s use of NSLs and the number issued has increased astronomically. While reports previously indicated a hundred-fold increase to 30,000 NSLs issued annually, the recent IG audit shows there were actually at least 143,000 demands issued under the NSL statute issued between 2003 and 2005, and probably many more. The IG examined only a tiny sample of the hundreds of thousands of NSLs the FBI issued, so the report shows just the tip of the iceberg.

    The IG identified numerous FBI abuses and misuses of their NSL authority. What follows is a roadmap to the 199-page IG report. It shows that the FBI reported false information to Congress because poor internal management and a disturbing lack of accountability within the FBI make it impossible for anyone to know how many of these letters have been issued, and what information may have been collected with them. Even more disturbingly, it shows the FBI intentionally circumvented the law to gain access to records that weren’t even relevant to any authorized FBI investigation. But the information gathered by these methods is permanently retained.


    I. Previous Reports To Congress Were Wrong

    The FBI was required to report the number of NSL demands to Congress, but those reports vastly understated the FBI’s use of NSLs. According to the IG report and in contrast to their congressional reporting, the FBI database shows the following (p. 37):
    NSL Demands in 2000: 8,500
    NSL Demands in 2003: 39,346
    NSL Demands in 2004: 56,507
    NSL Demands in 2005: 47,221
    Total NSL Demands 2003-2005: 143,074 (p. 36)

    But these numbers fail to capture the depth and range of the FBI’s use and abuse of the NSL authority. For example, just nine NSLs in 2004 requested information on 11,000 separate telephone numbers (p. 36).

    Moreover, the IG report shows that the FBI data is wrong, due to three separate problems:

    1) Field delays in entering NSL data (p. 33).
    Resulted in 4,600 NSL requests not being reported to Congress

    2) Incorrect data entries in the NSL database (p. 33).
    Resulted in 477 NSLs erroneously excluded from reports to
    TOTAL known NSL requests not reported to Congress to be
    8,850 (6 percent) (p. 34).

    3) Inaccurate data in the FBI NSL database (p. 32).
    The IG review of 293 NSLs found in a sample of just 77 case files
    17 percent more NSLs in FBI case files than recorded in
    the NSL database;
    22 percent more NSL requests in FBI case files than in the
    NSL database;
    46 of 77 files reviewed (60 percent) were deficient in
    required paperwork;
    12 percent of cases did not accurately state whether the
    target was a US person (p. 35).

    And this power has increasingly been used to gather data on US persons. The IG report showed that NSL requests for information on US persons increased from 39 percent in 2003 to 53 percent in 2005 (p. 38).

    II. Indefinite retention of NSL data and potential for data mining of innocent Americans

    The data received from NSLs is uploaded into three FBI databases:

    • Automated Case Support – 29,000 FBI users, 5,000 non-FBI users (p. 28).
    • Telephone Application database – for link analysis, 19,000 users (p. 28).
    • Investigative Data Warehouse (p. 30 footnote 64, p. 53):

    This “warehouse” includes data from 50 different
    government databases, includes 560 million records,
    and has 12,000 FBI and non-FBI users

    The IG audit found that:

    • Information received through NSLs is indefinitely retained and retrievable (p. 110).
    • The FBI uses NSLs to close cases by concluding subjects pose no terror threat (p. 44), but that information remains in the databases.
    • Data from NSLs is shared with the Intelligence Community, other government agencies and foreign governments (diagram 5.1, p. 47).
    • Purging of irrelevant data received with NSLs is not required by DOJ/FBI policy (p. 110).
    • The FBI did not issue guidance on sequestering, destroying, or using information improperly received until November of 2006 (p. xxxiv, and p. 29, footnote 62).

    The IG also expressed concern about the FBI using NSLs against persons two or three steps removed from subjects (p. 109).

    III. Intelligence Oversight Board violations

    The Intelligence Oversight Board (IOB) is a standing committee of the President’s Foreign Intelligence Advisory Board. Under Executive Order 12863, the IOB is directed to inform the president of any activities that “may be unlawful or contrary to Executive Order or Presidential Directive.” The IG report noted that this directive covers “reports of violations of Department investigative guidelines or investigative procedures.” (p. 68)

    The IG audit found the following:

    • 26 possible IOB violations were reported to the FBI Office of General Counsel (OGC).
    • 19 of those were referred to the IOB by OGC (p. 69).
    • IG disagreed with one OGC decision not to send report to IOB (p. 76).
    • IG review of just 77 case files found 22 more IOB violations.
    • 22 percent of files the IG reviewed contained an unreported IOB violation.
    • Agents and analysts don’t review records provided from NSL recipients to determine if records are responsive to their NSL requests (p. 85), in violation of DOJ guidelines.

    IV. Private Sector Relationships

    The IG report highlights how cozy relationships between FBI counterterrorism officials and private sector entities resulted in the circumvention of the NSL statutes, and the illegal dissemination of private information protected under the Electronic Communications Privacy Act (ECPA) and the Right to Financial Privacy Act (RFPA).

    The IG report indicates the FBI personnel developed “close working relationships with private sector companies, including telephone companies that furnished points of contact to facilitate the FBI’s access to records held by these companies.” These relationships led to the use of the illegal use of “exigent letters” to circumvent the ECPA laws regarding the privacy of telephone toll records (p. 87).

    The IG report indicates that FBI personnel who used “Certificate Letters” to obtain the financial records of 244 named individuals told the FBI Assistant General Counsel that the Federal Reserve Bank personnel providing the records did not feel that NSLs were required because the Federal Reserve Bank was a “quasi-governmental” body. Federal Reserve Bank policy, however, requires that the FBI issue RFPA NSLs before the FBI may obtain Fedwire records. Federal Reserve Bank officials stated that, “the position on whether to require NSLs depended on who the FBI’s point of contact was at the Federal Reserve.” This statement plainly indicates that personal relationships with Federal Reserve employees are used to circumvent the RFPA laws designed to protect private financial records (p. 117).

    These examples show how a process with no accountability or oversight can quickly degenerate into a systemic disregard for proper procedures, grave violations of civil liberties, and ultimately intentional violations of the law.


    The IG uses anecdotal information to report that FBI agents say NSLs are “indispensable” or “our bread and butter” (p. 45), but the numbers tell a different story.

    The IG report details 4 cases in which toll billing records obtained from NSLs were used (p.49):

    • In one, the FBI “initiated investigations on individuals” identified in toll records received through NSLs, but no results of the investigation were noted.
    • In one counterintelligence case, an NSL was used in an investigation that led to a conviction.
    • In a third case, an NSL was used to verify that the subject “was in touch with an individual who had been convicted of federal charges.” No outcome reported.
    • In a fourth case -another counterintelligence case – NSL toll data revealed that, despite denials, an FBI source was in contact with a foreign intelligence agent.

    The IG report details 2 cases in which financial records obtained from NSLs were used (p. 50):

      • One counterterrorism case where financial records from NSLs were used to identify sources and recipients of money transfers and assisted in the collection of information on overseas targets.
      • One counterterrorism investigation in which financial records obtained from NSLs were used to determine there were no significant ties to criminal activity and therefore the investigation was terminated.

    The IG report details 3 cases in which Credit Bureau records obtained with NSLs were used (p. 51):

      • One counterintelligence investigation in which Credit Bureau records obtained with NSLs assisted in eliminating concerns that the subject was hiding assets.
      • One counterterrorism investigation in which subjects dispersed by Hurricane Katrina were located using credit reports received with NSLs. No results of the investigations were reported.
      • One counterterrorism investigation in which a credit report obtained with an NSL was used to locate a subject in another city. The case was transferred to the FBI office in the other city. No results of the investigation were reported.

    If these examples seem underwhelming, it may be because the IG had little to work with. Despite agent claims that NSLs are indispensable, the IG found very few instances in which data from NSLs was used to prosecute terrorists. The FBI does not keep records of how NSL-derived information is used (p. 60) so the IG asked FBI field offices to report how many times they referred targets of national security investigations to law enforcement authorities for prosecution.

    Responses indicated that “about half” of the FBI offices referred one or more counterterrorism investigation targets for prosecution from 2003 to 2005 (p. 63). Of the 46 FBI offices that responded, 19 said they made no referrals. Of the remaining 27 offices, 22 provided details showing criminal charges in 19 fraud cases, 17 immigration cases and 17 money-laundering cases, using information obtained with NSLs (p. 63). The IG report says one FBI office estimated that it used NSL-derived information in approximately 105 criminal proceedings from 2003 to 2005 (footnote 107, p. 64).

    All told, the FBI reported 153 criminal proceedings resulting from 143,074 NSL requests. “Criminal proceedings” means all federal grand jury proceedings, as well as search warrants, indictments and trials (footnote 103, p. 62). The IG documented only one material support for terrorism conviction in a case using data from NSLs (p. 64). In other words, NSLs, sold as anti-terrorism tools, are not producing convictions against suspected terrorists.


    The IG report also shows that FBI personnel developed several illegal schemes to circumvent the NSL statutes, abusing the authorities they were given under the Patriot Act and violating the law. The complexity and duration of these schemes demonstrates this misconduct was knowing and intentional.

    I. Use of illegal “Exigent Letters” (p. 86-99)

    The IG audit found examples in which the FBI circumvented the NSL authority completely by using “exigent letters” to obtain information, with the promise that the agent had already requested a grand jury subpoena or an NSL. The companies receiving the “exigent letters” were asked to turn over sensitive customer information in reliance on that representation. In fact no emergency existed, no grand jury subpoenas or NSLs had been requested before the documents were obtained, and the FBI could not substantiate that agents ever followed through with the proper process.

    1) Illegal contracts (p. 87):

    The FBI Communications Analysis Unit (CAU) contracted with three telephone companies between May of 2003 and March of 2004, arguing that “previous methods of issuing subpoenas or National Security Letters and having to wait weeks for their service… is insufficient to meet the FBI’s terrorism prevention mission” (p. 88). Under these contracts the three telephone companies would provide the FBI with call data information upon receipt of “exigent letters” signed by FBI Counterterrorism Division personnel who were not authorized to sign NSLs (p. 89). These contracts allowed the FBI and the telephone companies to circumvent the laws controlling the dissemination of telephone toll records.

    The FBI Office of General Counsel was aware of these illegal contracts because, as with all FBI contracts, OGC procurement attorneys were involved in reviewing and approving them (see footnote 126, p. 89).

    The FBI provided the IG with 739 exigent letters from March 11, 2003 to December 16, 2005 that requested records for 3,000 different telephone numbers (p. 90). Just one letter requested toll information for 171 different numbers (p. 90). But the IG does not know how many “exigent letters” were actually executed because the FBI did not retain copies (p. 90).

    The FBI sometimes issued NSLs after receiving requested documents to “cover” the information obtained, but such “cover” NSLs were often issued months later (p. 91).

    The FBI could not substantiate that NSLs or other legal process was ever issued to cover the records obtained with the “exigent letters” (p. 91). [FBI claims that the FBI received only documents to which it was entitled to are false.]

    2) False statements:

    Contrary to the provisions of the contracts that said the FBI would obtain telephone records only after securing the NSLs or grand jury subpoenas, the FBI obtained telephone toll records and subscriber information before serving NSLs or subpoenas, and sometimes without ever serving NSLs or subpoenas (p. 90).

    The “exigent letters” issued by the FBI falsely stated that subpoenas had already been requested from the US Attorney when no such request had been made. The IG could not confirm even one instance in which a subpoena had been requested (p. 92).

    Despite the language in the letters claiming exigent circumstances, many “exigent letters” were used to collect information when no exigent circumstances existed (p. 92).

    The FBI made “factual misstatements in its official letters to the telephone companies either as to the existence of an emergency justifying shortcuts around lawful procedures or with respect to the steps the FBI supposedly had taken to secure lawful process” (p 97).

    When CAU asked FBI field offices to send NSLs to cover the “exigent letter” requests, they often did not disclose that CAU had already received the documents (p.92).

    3) No investigative authority for the “exigent letters” (p. 92):

    The NSL statutes require Senior Executive Service level officials to certify that information sought with NSLs is relevant to an authorized investigation. “Exigent letters” were often issued with no authorized investigation tied to the request.

    After receiving documents in response to the “exigent letters” CAU officials asked FBI field offices to open new investigations so after-the-fact NSLs could be issued, without saying the documents were already received. Many FBI offices resisted these efforts.

    4) NSLs issued from control files with no open or pending investigations:

    300 NSLs issued as part of a “classified special project” (possibly the NSA program?) were issued from a control file that did not reference an authorized investigation (p. 98).

    Six NSLs from the Electronic Surveillance Operations and Sharing Unit were issued to Internet Service Providers without reference to any pending investigation, and were signed by an NSLB attorney. The FBI Unit Chief argued this was within the “spirit” of the law (p. 101).

    5) FBI Attorneys knew of abuse of NSL authorities:

    FBI field offices complained to National Security Law Branch attorneys (p. 93).

    In late 2004 an NSLB Assistant General Counsel said the practice of using “exigent letters did not comply with the Electronic Communications Privacy Act (ECPA) NSL statute (p. 93).

    In December of 2004 an NSLB Assistant General Counsel complained that CAU requests for NSLs failed to disclose that CAU had already received the documents (footnote 129, p 93).

    By law, NSLs can only be issued in connection with an authorized investigation. Nonetheless, an NSLB Attorney signed Electronic Surveillance Operations and Sharing Unit NSLs that were issued without reference to any authorized investigation (p.100).

    6) FBI NSLB Attorneys issued inappropriate advice (p. 93):

    For two years starting in late 2004 NSLB attorneys counseled CAU officials to:

    • Discontinue use of “exigent letters” except in true emergencies.
    • Tie requests to existing investigations, or open new ones.
    • Issue NSLs promptly after serving the “exigent letters.”
    • Modify the letters to reference NSLs rather than subpoenas.
    • Consider opening “umbrella” investigations from which NSLs could be issued. (This was not done because CAU officials told NSLB, falsely, that each “exigent letter” could be tied to an open investigation and that such requests were “few and far between.”)

    Starting in June of 2006 “exigent letters” were modified to reference NSLs (p. 94).

    As of March 2007 the FBI is unable to determine whether NSLs or grand jury subpoenas were issued to cover the documents requested with “exigent letters” (p. 94).

    7) FBI attorneys were intimidated into approving NSLs (p. 112-114):

    IG interviews revealed that FBI attorneys serving as Chief Division Counsels in FBI field offices approved NSL requests they would have preferred to reject for legal inadequacy because they were afraid to challenge their FBI superiors who had approved the investigations (p 113). The intimidation of FBI legal counsels demonstrates that the FBI cannot be expected to police itself. Independent oversight is the only mechanism that will ensure the FBI is complying with the law.

    II. Illegal “Certificate Letters” used to receive records from the Federal Reserve Bank (p. 115-119):

    A second illegal scheme the IG discovered involved the Terrorist Financing Operations Unit at FBI Headquarters, which issued unauthorized “Certificate Letters” to obtain financial records of 244 individuals in violation of the Right to Financial Privacy Act.

    1) Circumventing the Right to Financial Privacy Act (RFPA):

    The FBI circumvented the requirements of the RFPA by using “Certificate Letters” instead of RFPA NSLs to obtain “financial records” from the Federal Reserve Bank (p. 115).

    The IG identified 19 “Certificate Letters” requesting information on 244 named individuals, but could not determine the number of letters issued because the FBI did not keep copies (p. 115).

    Not all individuals whose records were sought were subjects of investigations (p. 116).

    FBI officials who signed the “Certificate Letters” were not authorized to sign NSLs (p. 116).

    2) FBI officials mischaracterized nature of “Certificate Letters” to hide abuse:

    In July of 2004 NSLB attorneys learned of “Certificate Letters,” but were told by FBI personnel, falsely, that the letters only asked the Federal Reserve whether it had records. NSLB instructed FBI officials to ensure no records were sought with the letters (p. 116).

    In fall of 2004 NSLB attorneys learned the letters were being used to obtain records, were being used in non-emergency situations, and after-the-fact NSLs covering these requests were delayed as long as six months. NSLB again advised FBI officials not to obtain financial documents except with a duly authorized NSL (p. 116-117).

    The FBI issued at least three “Certificate Letters” in contravention to NSLB advice (p. 117-118).

    Federal Reserve Bank officials told the IG they did not consider themselves a “financial institution” within the meaning of the RFPA, and did not consider Fedwire records “financial records.” Yet they admitted Federal Reserve Bank policy requires the FBI to issue RFPA NSLs before the FBI may obtain Fedwire records and “financial records,” and that they should not have provided records without RFPA NSLs (p. 117).

    Despite this, the IG could not reach a legal conclusion as to whether the Federal Reserve Bank is a “financial institution” within the meaning of RFPA, and could not conclude that the FBI’s practice of using “Certificate Letters” violated RFPA (p. 117).


    The IG report shows more than just poor management and incompetence in the FBI’s handling of its authorities under the NSL statutes. It shows widespread disregard for the few limits Congress imposed, and an institutional willingness to intentionally violate the law to collect vast troves of data that are not even being used to prosecute terrorists. The IG report shows that the ACLU was right to oppose this gross expansion of unchecked power.


    The full IG report is available at:

    Additional ACLU concerns about the use of NSLs is available at: www.aclu.org/nsl


    [1] The ACLU has challenged this Patriot Act statute in court with two cases: one involving an Internet Service Provider; the second a group of librarians. In both cases, the judges ruled that the gags were unconstitutional. The case involving the Internet Service Provider is ongoing because the ACLU and its client have challenged the constitutionality of the NSL provision itself. In court, the ACLU and its client are arguing that the provision violates the First Amendment insofar as it requires judges to rubber stamp gag orders issued by the FBI. Argument before the district court is expected in April. For more information about the ACLU’s legal challenges to the NSL provision, see www.aclu.org/nsl

    [2] Fedwire is the Federal Reserve Bank’s electronic funds and securities transfer service (p. 116-117).

    [3] The Intelligence Authorization Act of 2004 expanded the definition of “financial institution” in the RFPA to cover travel agencies, Western Union, real estate agents, insurance companies, casinos, car dealers, the Postal Service, and “an agency of the United States Government or of a State or local government carrying out a duty or power of a business Described in this paragraph”

    Related Issues

    Sign up to be the first to hear about how to take action.