ACLU Analysis and Recommendations: Justice Department OIG Report on Misuse of National Security Letters
NEW YORK - On March 9, 2007, as mandated by law, the Department of Justice’s
Office of Inspector General (OIG) issued a report on the FBI’s use of National
Security Letters (NSLs). The FBI used these NSLs to obtain phone and
financial records without a court order. The OIG report is available
Make a Difference
Your support helps the ACLU stand up for human rights and defend civil liberties.
The Department of Justice Office of the Inspector General (IG) looked at only a tiny sample of the hundreds of thousands of NSLs issued. This means the abuses the IG found are only the tip of the iceberg. That the IG found so many violations and abuses with such a small sample means there are major systemic problems with the FBI’s use of NSLs.
Below is the American Civil Liberties Union’s analysis of the IG’s findings and our specific recommendations. Page numbers in Roman numerals refer to the Executive Summary.
- OIG interviewed “over 100 FBI employees” at “FBI Headquarters and at the Department” as well as “over 50 FBI employees” at field offices in New York, Chicago, Philadelphia and San Francisco. (p. ix)
- At the field offices, OIG teams examined sample of 77 counterterrorism and counterintelligence investigative cases files and 293 NSLs to determine if the letters complied with statutes, Attorney General (AG) guidelines and FBI internal policy. (p. ix)
- The appendix to report includes comments by the AG, the Director of National Intelligence and the FBI. (p. x)
- Section 505 of the Patriot Act expanded approval authority to “Special Agents in Charge” of field offices to sign NSLs. Previously authority held by a group of senior FBI officials at headquarters. (p. x)
- The Patriot Act must be amended so that NSLs require the approval of senior level FBI officials. The fact that lower level agents can authorize NSLs leads to overuse and abuse of NSLs.
- During the time period covered by the IG’s review the “FBI had no policy or directive requiring the retention of signed copies of national security letters or any requirement to upload” NSLs into various FBI case management systems. (p. xiv-xv)
- The IG found that the FBI has “no uniform system for tracking responses to national security letters, either manually or electronically.” (p. xv)
- The data retention systems are not uniform.
- The FBI keeps NSL-derived information in various databases – including databases that are accessed by nearly 12,000 users, including members of Joint Terrorism Task Forces (JTTFs). (p. xv)
- The FBI is sharing information derived from NSL with other intelligence agencies. (p. xxii-xxiii)
- The FBI is using NSLs to establish evidence to support wiretap, electronic surveillance and physical search warrants. (p. xxii-xxiv)
- The FBI disseminated information derived from NSLs to a variety of federal, state, and local law enforcement agencies, including the National Security Agency (NSA), the CIA, and JTTFs. (p. xxvi)
- The FBI is even sharing information derived from NSLs with foreign governments. (p. xxii-xxiii)
- FBI policies do not require the purging of information derived fro NSLs in FBI databases, regardless of the outcome of the investigation. (p. xlii)
- The FBI must immediately purge these databases. The abuses of the NSL power led to the widespread dissemination of personal information about innocent Americans. Because of NSL abuses, FBI and other federal, state and local government databases are filled with information about innocent people.
- The FBI must keep accurate records. The FBI’s use of NSLs has been overbroad and sloppy. The public is supposed to believe that NSLs are a critical tool in keeping us safe, but the FBI cannot even be bothered to keep accurate records about the NSLs it issues or the information received through NSLs.
- The FBI must clean up its act. Sloppiness leads to mistakes and abuses. Mistakes in the NSL process ripple out in a myriad of ways because information gleaned through NSLs is disseminated to everyone from intelligence agencies like the CIA and NSA, to local and state police who participate in JTTFS. That information is used, among other things, to obtain wiretap applications, in deportation proceedings, and in criminal court.
- The IG found that the number of NSL requests reported to Congress in 2003, 2004, and 2005, were “significantly understated.” (p. xvii)
- After the Patriot Act, the number of NSL requests increased from 8,500 in 2000 to approximately 39,000 in 2003, approximately 56,000 in 2004, and approximately 47,000 in 2005. (p. xvi)
- These numbers actually significantly
underrepresented the number of NSL requests because of “incomplete or inaccurate
information” in the relevant database; because the “FBI did not consistently
enter” NSL information into the appropriate database in a timely manner; and
because of incorrect data entries. (p. xvi-xvii)
► The IG found approximately 17 percent more NSLs in the case files than were recorded in the database. (p. xvi)
► The IG found 22 percent more NSL requests in the case files than were recorded in the database. (p. xvi)
► The IG estimates that about 6 percent of NSL requests issued by the FBI from 2003-2005 were missing from the database. (p. xvii)
- Congress should amend the NSL statute so that gag orders are imposed only upon the authority of a court, and only where necessary to protect national security. Judicially imposed gag orders should be limited in scope and duration.
Number, Content, and Targets of Requests
- The IG found that from 2003 to 2005, the FBI issued a total of 143,074 NSL requests. (p. xviii)
- The number of NSL requests is different from the number of NSL letters because one “letter” may include more than one request. (p. xix)
- The “overwhelming majority” of these NSL requests sought the most sensitive information – telephone toll billing records, telephone and email subscriber information, or electronic communication transactional records. (p. xviii)
- The percentage of NSL requests generated from investigations of U.S. citizens and legal permanent residents increased from about 39 percent of all NSL requests in 2003 to about 53 percent of all NSL requests in 2005. (p. xx)
- Congress must investigate this broad expansion on the use of NSLs. The FBI is issuing many more NSLs than anyone ever imagined. Effective and meaningful oversight is necessary.
NSLs as Fishing Expedition
- The IG reported that the FBI’s analysis of personal information gleaned through NSLs is used to assist in the identification the NSL subject’s family members, associates, living arrangements and contacts. (p. xxiv)
- The FBI uses this information about family and association to “generate new leads.” (p. xxiv)
- NSLs require only a threshold showing of “relevance to an authorized investigation.” As a result, the FBI uses NSLs to obtain personal information “two or three steps removed” from the target of any investigation. (p. xlii)
- The FBI maintains no information on whether the target of the NSL is the subject of an underlying investigation or another individual. (p. xliv)
- Congress must repeal the expansion of the NSL power that allows the FBI to demand information about totally innocent people who are not the targets of any investigation. The standard should return to the requirement that NSLs seek only records that pertains to terrorism suspects and other agents of foreign powers.
- The FBI should not be using NSLs to investigate people two or three steps removed from any criminal or terrorist activity.
Violations and Misuse of the NSL Power
- The IG found several instances of improper or illegal use of NSLs. (p. xxviii)
- The FBI issued NSLs even where no underlying investigation had been approved; obtained personal information from companies without even issuing NSLs; obtained more information from recipients than was requested; and obtained information about telephone numbers that did not belong to the target of the NSLs. (p. xxix)
- Some NSL recipients provided prohibited content information, including voice messages, e-mail, and images. (p. xxx)
- In one example, the FBI issued an NSL to a North Carolina university that sought several categories of records, including applications for admission, housing information, emergency contacts and campus health records. (p. xxxii)
- Congress must investigate to uncover all of the abuses and to hold the perpetrators accountable. The IG found many serious abuses in a small sampling of NSLs.
- Congress, not the FBI, must investigate. The FBI cannot be relied upon to police itself.
- The NSL power as expanded by the Patriot Act must be repealed. It should come as no surprise that the secrecy surrounding NSLs has led to rampant abuses that have compromised the privacy rights of Americans.
Lack of Internal and Statutory Guidance
- The IG found violations of internal regulations in three categories: 1) improper authorization for NSLs; 2) improper requests under the NSL statutes; and 3) unauthorized collections. (p. xxxi)
- FBI agents were confused about the authorities available under the various NSL statutes. The FBI did not issue comprehensive guidance about NSL-related infractions until November 2006, more than 5 years after the Patriot Act was enacted. (p. xxxiii-xxxiv)
- The lack of any definition of “toll billing records information” has confused both FBI agents and the recipients of NSLs about the scope of NSL demands for information. (p. xliii)
- The FBI must provide better training for its agents to ensure they comply with the law. Once again the FBI’s failure to train its personnel resulted in serious civil liberties abuses by FBI agents.
- Congress should amend the NSL statute to define the phrase “toll billing records information.”
- The FBI relied on “exigent letters” that were totally unauthorized by law to demand telephone toll billing records and subscriber information. (p. xxxv)
- The FBI entered into contracts with three telephone companies to obtain information outside of the NSL process through “exigent letters.” Over 700 exigent letters were issues to the three companies between March 2003 and December 2005. (p. xxxv)
- There were sometimes no open investigations tied to the “exigent letter” requests. (p. xxxvi)
- The exigent letters stated that, “subpoenas requesting this information have been submitted to the U.S. Attorney’s Office who will process and serve them formally as expeditiously as possible.” (p. xxxvi)
- In fact, in a sample the IG reviewed, it could not confirm “one instance in which a subpoena had been submitted to any United States Attorney’s Office before the exigent letter was sent to the telephone companies.” (p. xxxviii)
- Congress must clarify this power and stop the FBI from using this loophole. The FBI deliberately demanded personal information using “exigent letters” which are totally unauthorized by law, and lied about whether the demands were related to actual investigations or supported by pending requests for subpoenas. These actions contradict the IG’s conclusion that the NSL abuses involved no “intentional” violates of law.
- The FBI must immediately notify the subjects of the “exigent letters” about the unauthorized invasion of their privacy rights.
- The FBI must name the phone companies who entered into contracts to provide personal information not authorized by statute.