A Review of the Federal Bureau of Investigation's Use of National Security Letters - Office of the Inspector General March 2007 (Unclassified) 9mar2007

Sections from:

A Review of the Federal Bureau of Investigation's
Use of National Security Letters

Office of the Inspector General March 2007
(Unclassified)
9mar2007

CHAPTER ONE
INTRODUCTION

In the Patriot Reauthorization Act, enacted in 2006, Congress directed the Department of Justice (Department) Office of the Inspector General (OIG) to review "the effectiveness and use, including any improper or illegal use, of national security letters issued by the Department of Justice."¹."' The Act required the OIG to conduct reviews of the use of national security letters for two separate time periods.² This report describes the results of the first OIG review of the FBI's use of national security letters (NSLs), covering calendar years (CY) 2003 through 2005.³

I. Provisions of the USA Patriot Act and Reauthorization Act

In October 2001, in the wake of the September 11 terrorist attacks, Congress passed the USA PATRIOT Act.⁴ Section 505 of the Patriot Act expanded four existing statutes (the "national security letter statutes") that authorized the Federal Bureau of Investigation (FBI) to use national security letters to obtain certain specified types of information from third parties for use in authorized counterintelligence, counterterrorism, and foreign computer intrusion cyber investigations. As part of the Patriot Act legislation, Congress enacted a fifth NSL authority permitting the FBI to use national security letters to obtain consumer full credit reports in international terrorism investigations.

National security letters, which are written directives to provide information, are issued by the FBI directly to third parties, such as telephone companies, financial institutions, Internet service providers, and consumer credit agencies, without judicial review. In these letters, the FBI

_____________________________________
¹ USA PATRIOT Improvement and Reauthorization Act of 2005, Pub. L. No. 109-177, § 119(a), 120 Stat. 192 (2006) (Patriot Reauthorization Act).

² Although the Act only required the OIG to include calendar years 2003 through 2004 in the first report, we elected to also include 2005 in this first report. The second report, which is due to Congress on December 31, 2007, will cover calendar year 2006.

³ The Patriot Reauthorization Act also directed the OIG to conduct reviews on the use and effectiveness of Section 215 orders for business records, another investigative authority that was expanded by the Patriot Act. The OIG's first report on the use and effectiveness of Section 215 orders is contained in a separate report issued in conjunction with this review of NSLs.

⁴ The term "USA PATRIOT Act" is an acronym for the law entitled the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Pub. L. No. 107-56, 115 Stat. 272 (2001). This law is commonly referred to as "the Patriot Act."

can direct third parties to provide customer account information and transactional records, such as telephone toll billing records.⁵

The national security letter authorities expanded by the Patriot Act were originally scheduled to sunset on December 31, 2005, but were temporarily extended by Congress until it finalized a reauthorization bill. Congress passed the reauthorization bill in early 2006, and on March 9, 2006, the President signed into law the Patriot Reauthorization Act, which, among other things, reauthorized the five national security letter authorities.

In the Patriot Reauthorization Act, Congress directed the OIG's review to include:

an examination of the use of national security letters by the Department of Justice during calendar years 2003 through 2006;

a description of any noteworthy facts or circumstances relating to such use, including any improper or illegal use of such authority; and

an examination of the effectiveness of national security letters as an investigative tool, including -

the importance of the information acquired by the Department of Justice to the intelligence activities of the Department of Justice or to any other department or agency of the Federal Government;

the manner in which such information is collected, retained, analyzed, and disseminated by the Department of Justice, including any direct access to such information (such as access to "raw data") provided to any other department, agency, or instrumentality of Federal, State, local, or tribal governments or any private sector entity;

whether, and how often, the Department of Justice utilized such information to produce an analytical intelligence product for distribution within the Department of Justice, to the intelligence community . . ., or to other Federal, State, local, or tribal government departments, agencies or instrumentalities;

__________________________________________
⁵ The statutes do not authorize the FBI to collect the content of telephone calls and e-mail. For that information, the FBI must obtain court approval or voluntary production of the records pursuant to 18 U.S.C. § 2702(b)(8) (2000).

whether, and how often, the Department of Justice provided such information to law enforcement authorities for use in criminal proceedings; ....⁶

According to the Patriot Reauthorization Act, the OIG's first report on the FBI's use of national security letters is due to Congress on March 9, 2007.

I. Methodology of the OIG Review

In this review, the OIG conducted interviews of over 100 FBI employees, including personnel at FBI Headquarters in the Office of the General Counsel (FBI-OGC), Counterterrorism Division, and Counterintelligence Division, and personnel in four field divisions. We also interviewed officials in the Department's Criminal Division and National Anti-Terrorism Advisory Council Coordinators. We also attended background briefings regarding national security letters and the databases in which information derived from national security letters is stored and analyzed. We examined over 31,000 FBI documents from FBI Headquarters operational and support divisions and four field divisions pertaining to national security letters. Among the documents we analyzed were Headquarters guidance memoranda; correspondence; and reports by the FBI's Inspection Division, FBI-OGC, and Office of Professional Responsibility. In addition, we analyzed documents from the Department's Office of Legislative Affairs that included testimony, memoranda, and hearing transcripts regarding the oversight and reauthorization of the Patriot Act, including provisions affecting national security letter authorities and semiannual classified reports to Congress on the FBI's use of national security letter authorities.

OIG teams also examined FBI case files that contained national security letters and conducted interviews at four FBI field divisions in May and June 2006: Chicago, New York, Philadelphia, and San Francisco. These field divisions were selected from among the eight field divisions that issued the most national security letter requests during the period of our review, from 2003 through 2005. At the four field divisions, we conducted interviews of 52 FBI personnel, including an Assistant Director in Charge, Special Agents in Charge, Acting Special Agents in Charge, Assistant Special Agents in Charge, supervisory special agents overseeing counterterrorism and counterintelligence squads, Chief Division Counsel and Assistant Division Counsel, special agents, intelligence analysts, and intelligence research specialists.

______________________________
⁶ Patriot Reauthorization Act, § 119(b).

Also at the four field divisions, we examined a judgmental sample of 77 counterterrorism and counterintelligence investigative case files. Those files contained approximately 800 requests for information under four of the five national security letter authorities. Of that total, we reviewed up to 5 national security letters in each investigative file, for a total of 293 national security letters issued from January 1, 2003, through December 31, 2005. We reviewed those documents to determine whether the national security letters were issued in accordance with the relevant statutes, Attorney General Guidelines, and FBI policies. With regard to these national security letters, we reviewed documentation pertaining to case initiations, authorizations, delivery to the designated recipients, the recipients' production of documents and electronic media in response to the letters, retention of that information, and the analysis and dissemination of the information within the Department, to the intelligence community, and to others.

CHART 1.1
Relationship Between NSLs and NSL Requests
(2003 through 2005)

In this report, we often refer to the number of national security letter requests rather than the number of national security letters because one "letter" may include more than one request. That is, during an investigation several national security letters may be issued. and each letter may contain several requests. For example, one letter to a telephone company may request information on seven telephone numbers. As a result, the numbers normally presented in the FBI's classified reports to Congress and in its public report are the numbers of requests made, not the number of letters issued. In this report, we fallow that same approach. This chart shows the relationship we found between the number of investigations. NSLs. and NSL requests from 2003 through 2005 by counterterrorism and counterintelligence cases. Fewer than one percent of all NSL requests during this period were issued in foreign computer intrusion cyber investigations.

Source: FBI-OGC Database

The NSL request totals un this chart. are less than the [REDACTED] NSL requests noted above because they do not include NSL requests issued in connection with cyber investigations or the total number of NSL requests that were lost due to a malfunction of the OGC database.

The OIG also analyzed the FBI-OGC's National Security Letter Database (OGC database), which the FBI uses for collecting information necessary to compile the Department's semiannual classified reports to Congress on NSL usage and, since passage of the Patriot Reauthorization Act, to compile the Department's annual public report on NSL usage. During the period of our review, the Department was directed to file semiannual classified reports to Congress reflecting the number of "NSL requests" the FBI made pursuant to three of the five national security letter authorities (see Chart 1. 1.), We also analyzed this OGC database to assess the accuracy and reliability of

the FBI's reports. We compared the OGC database entries to the documentation of the use of these authorities in the field divisions' investigative case files and performed other tests. These tests revealed significant errors in the OGC database, which we describe in Chapter Four. However, although we recognize the limitations of the OGC database, we used data from the OGC database for some of our analysis because it is the only source of centralized data on the FBI's Use of NSLs.

During this review, we also distributed an e-mail questionnaire to the counterintelligence and counterterrorism squads in the FBI's 56 domestic field offices to attempt to determine the types of analytical products the FBI developed based on national security letters; the manner in which national security letter-derived information was disseminated within the Department, to other members of the intelligence community, and to others; and the occasions when such information was provided to law enforcement authorities for use in criminal proceedings.

II. Organization of the Report

This report is divided into eight chapters. Following this introduction, Chapter Two provides background on the use of national security letters, the Attorney General Guidelines which govern the FBI's conduct of national security investigations, and the roles of several FBI Headquarters divisions and components involved in the approval and operational use of national security letters.

Chapter Three describes the manner in which the FBI collects information by issuing national security letters and how it retains the information in investigative case files, shared computer drives, and databases.

Chapter Four presents data on the FBI's use of national security letters from 2003 through 2005. This information is based on data derived from the OGC database, the Department's semiannual classified reports to Congress on NSL usage, and our field work.

Chapter Five addresses other issues the Patriot Reauthorization Act directed the OIG to review regarding the use and effectiveness of national security letters, including the importance of the information acquired and the manner in which information from national security letters is analyzed and disseminated within the Department, to other members of the intelligence community, and to other entities.

Chapter Six reports our findings on instances of improper or illegal use of national security letter authorities, including instances identified by the FBI, as well as other instances identified by the OIG.

Chapter Seven reports other noteworthy facts or circumstances identified in the review, including the interpretation of the Attorney General Guidelines' requirement to use the "least intrusive collection techniques

feasible" with regard to the use of national security letters; uncertainty about the types of telephone toll billing records the FBI may obtain pursuant to an Electronic Communications Privacy Act (ECPA) national security letter; the review by Division Counsel of NSL requests; the issuance of NSLs from control files rather than investigative files, in violation of FBI policy; the FBI's use of "certificate letters" rather than Right to Financial Privacy Act (RFPA) national security letters to obtain records from Federal Reserve Banks; and the FBI's failure to include in the OGC database information reflecting the use of NSLs to obtain information on individuals who are not subjects of FBI investigations.

Chapter Eight contains a summary of our conclusions and our recommendations.

The Appendix to the report contains comments on the report by the Attorney General, the Director of National Intelligence, and the FBI. The Appendix also contains copies of the national security letter statutes in effect prior to the Patriot Reauthorization Act. The classified report also contains a classified appendix.

CHAPTER TWO BACKGROUND

In this chapter we describe the five national security letter authorities and the Attorney General Guidelines that govern their use. We also describe the roles of FBI Headquarters divisions and field components in issuing and using these letters in national security investigations.

I. Background on National Security Letters

Over the last 20 years, Congress has enacted a series of laws authorizing the FBI to obtain certain types of information from third parties in terrorism, espionage, and classified information leak investigations without obtaining warrants from the Foreign Intelligence Surveillance Court or approval from another court.⁷ These include five statutory provisions that authorize the FBI to obtain customer and consumer transactional information from communications providers, financial institutions, and consumer credit agencies by issuing national security letters (NSLs).⁸ All but one of these provisions - the statute allowing access to consumer full credit reports in international terrorism investigations - predated the October 2001 passage of the Patriot Act. The authorizing statutes in effect prior to the Patriot Act required certification by a senior FBI Headquarters official that the FBI had "specific and articulable facts giving reason to believe that the customer or entity whose records are sought is a foreign

__________________________________________________
⁷ FBI investigations of terrorism and espionage are called "national security investigations," which are conducted pursuant to the Attorney General's Guidelines for FBI National Security Investigations and Foreign Intelligence Collection (Oct. 31, 2003) (NSL Guidelines). NSLs are not authorized in connection with FBI conduct of ordinary criminal investigations or domestic terrorism investigations.

⁸ The five statutes are:

1) U.S.C. § 2709 (covering subscriber information and telephone toll billing records information and electronic communication transactional records);
2) U.S.C. § 3414 (covering financial records);
3) U.S.C. § 1681u (covering the naines and addresses of all financial institutions at which a consumer maintains or has maintained an account; and the consumer's name, address, former addresses, places of employment or former places of employment);
4) 15 U.S.C. § 1681v (covering consumer reports and all other information in a consumer's file in international terrorism investigations); and
5) U.S.C. § 436 (covering financial records, other financial information, and consumer reports in law enforcement investigations, counterintelligence inquiries, or security determinations). See Appendix A of this report for the text of the five statutes prior to the effective date of the Patriot Reauthorization Act.
The phrase "national security letter" was not used in any of the authorizing statutes, but was commonly used to refer to these authorities. The term was first used in legislation in the Patriot Reauthorization Act.

power or agent of a foreign power" as defined in the Foreign Intelligence Surveillance Act of 1978.⁹

A. The Patriot Act

The September 11 attacks prompted a reevaluation of the law enforcement and intelligence tools that were available to detect and prevent terrorist attacks. Among the topics Congress and the Department of Justice considered was the use of national security letters.¹⁰ The Department reported in Congressional testimony that "in many cases,

counterintelligence and counterterrorism investigations suffer substantial delays while waiting for NSLs to be prepared, returned from Headquarters, and served.^"¹¹

The Patriot Act significantly expanded the FBI's preexisting authority to obtain information through national security letters. Section 505 of the Patriot Act broadened the FBI's authority by:

Eliminating the requirement that the information sought in an NSL must pertain to a foreign power or an agent of a foreign power and substituting the lower threshold that the information requested be relevant to or sought for an investigation to protect against international terrorism or espionage, provided that the investigation of a United States person is not conducted "solely on the basis of activities protected by the first amendment of the Constitution of the United States";
Permitting, as a consequence of this lower threshold, national security letters to request information from communication providers, financial institutions, and consumer credit agencies

______________________________________________
⁹ See, e.g., 18 U.S.C. § 2709 (2000) ; 50 U.S.C. §§ 1801-1811 (2000).

¹⁰ S. 1448, The Intelligence to Prevent Terrorism Act of 2001 and Other Legislative Proposals in the Wake of the September 11, 2001 Attacks: Hearing Before the Senate Select Comm. On Intelligence, 107th Cong. (2002); Dismantling the Financial Infrastructure of Global Terrorism: Hearing Before the House Comm. on Fin. Servs., 107th Cong. (2002); The Role of Technology in Preventing the Entry of Terrorists into the United States: Hearing Before the Senate Subcomm. on Tech., Terrorism, Gov't Info. of the Comm. on the Judiciary, 107th Cong. (2002).

¹¹ Hearing Before the House Comm. on the Judiciary, 107th Cong. 57-58 (2001) (Administration's Draft Anti-Terrorism Act of 2001). This view also was reflected in post-Patriot Act testimony at hearings considering whether to reauthorize the NSL authorities in the Patriot Act. See Tools Against Terror: How the Administration is Implementing New Laws in the Fight to Protect Our Homeland: Hearing Before the Subcomm. on Technology, Terrorism, and Gov't Info. of the Senate Comm. on the Judiciary, 107th Cong. 139 (2002) (statement of Dennis Larmel, Chief, Terrorist Financing Operations Section, Counterterrorism Division, FBI) ("Delays in obtaining NSLs has long been identified as a significant problem relative to the conduct of counterintelligence and counterterrorism investigations.")

about persons other than the subjects of FBI national security investigations so long as the requested information is relevant to an authorized investigation; and

Permitting Special Agents in Charge of the FBI's 56 field offices to sign national security letters, thus significantly expanding approval authority beyond senior FBI Headquarters officials.¹²

In addition to expanding preexisting NSL authorities, the Patriot Act added a new NSL authority permitting the FBI and certain other federal government agencies to use NSLs to obtain access to consumer full credit reports in international terrorism investigations pursuant to an amendment to the Fair Credit Reporting Act (FCRA).¹³ Prior to this amendment, the FBI could use FCRA NSLs only to obtain basic financial institution and consumer-identifying information about the person's bank accounts, places of employment, and addresses.¹⁴

The Patriot Act did not alter existing provisions in the statutes barring recipients of national security letters from disclosing their receipt of the letters and from disclosing the records provided. These so-called "gag order" provisions prohibited NSL recipients from challenging NSLs in court. Similarly, NSL authorities prior to the Patriot Act did not provide an express mechanism by which the FBI could enforce an NSL in court if a recipient refused to comply. The Patriot Act also did not include any express enforcement mechanism.

The pre-Patriot Act statutes required the FBI to provide classified semiannual reports to Congress disclosing summary information about national security letter usage.¹⁵ The Patriot Act continued to require classified reports to Congress on the FBI's use of its NSL authorities.

________________________________
¹² Prior to the Patriot Act, approximately 10 FBI Headquarters officials were authorized to sign national security letters, including the Director, Deputy Director, and the Assistant Directors and Deputy Assistant Directors of the Counterterrorism and Counterintelligence Divisions. Under the Patriot Act, the heads of the FBI's 56 field offices (Assistant Directors in Charge or Special Agents in Charge) may also issue NSLs. Since enactment of the Patriot Act, approval to sign NSLs has also been delegated to the Deputy Director, Executive Assistant Director (EAD), and Assistant EAD for the National Security Branch; Assistant Directors and all Deputy Assistant Directors for the Counterterrorism, Counterintelligence, and Cyber Divisions; all Special Agents in Charge of the New York, Washington, D.C., and Los Angeles field offices, which are headed by Assistant Directors in Charge; the General Counsel; and the Deputy General Counsel for the National Security Law Branch in the Office of the General Counsel.

¹³ 15 U.S.C. § 1681v (Supp. IV 2005).

¹⁴ 15 U.S.C. § 1681u (2000).

¹⁵ The national security letter authority in the National Security Act, which allows collection of financial records and information, consumer reports, and travel records, did not require reports to Congress. See 50 U.S.C. § 436 (2000).

B. Types of Information Obtained by National Security Letters

The type of information the FBI can obtain through national security letters includes:

Telephone and e-mail Information

Historical information on telephone calls made and received from a specified number, including land lines, cellular phones, prepaid phone card calls, toll free calls, alternate billed number calls (calls billed to third parties), and local and long distance billing records associated with the phone numbers (known as toll records);
Electronic communication transactional records (e-mails), including e-mail addresses associated with the account; screen names; and billing records and method of payment; and
Subscriber information associated with particular telephone numbers or e-mail addresses, such as the name, address, length of service, and method of payment.

Financial Information

Financial information such as information concerning open and closed checking and savings accounts and safe deposit box records from banks, credit unions, thrift institutions, investment banks or investment companies, as well as transactions with issuers of travelers checks, operators of credit card systems, pawnbrokers, loan or finance companies, travel agencies, real estate companies, casinos, and other entities.

Consumer Credit Information

Names and addresses of all financial institutions at which a consumer maintains or has maintained an account;
Identifying information respecting a consumer ... limited to name, address, former addresses, places of employment, or former places of employment; and
Consumer reports of a consumer and all other information in a consumer's file (full credit reports).

C. The Patriot Reauthorization Act

The Patriot Reauthorization Act reauthorized all of the provisions that were subject to lapse or "sunset" in the original Patriot Act (with some modification), including the five NSL authorities.¹⁶ One of the modifications

________________________________________________
¹⁶ Pub. L. No. 109-177, § 102(a) (2006). The Patriot Reauthorization Act modified the non-disclosure requirements regarding national security letters. An NSL recipient may now disclose the NSL in connection with seeking legal advice or complying with the NSL. In

required the Department to issue, in addition to its semiannual classified reports, annual public reports that disclose certain data on the FBI's national security letter requests. The public report must include the aggregate number of NSL requests issued pursuant to the five NSL statutes including, for the first time, data on the use of the full credit report authority established pursuant to the Fair Credit Reporting Act, the only new NSL authority enacted by the Patriot Act.

The Department's first public annual report pursuant to the Patriot Reauthorization Act on the use of NSL authorities was issued on April 28, 2006.¹⁷ The report stated that during calendar year 2005, federal government agencies issued 9,254 "NSL requests" involving 3,501 different "United States persons."¹⁸

II The Four National Security Letter Statutes

The following is a brief overview of the four statutes authorizing the FBI to issue five types of national security letters.

A. The Right to Financial Privacy Act

The Right to Financial Privacy Act (RFPA) was enacted in 1978 "to protect the customers of financial institutions from unwarranted intrusion into their records while at the same time permitting legitimate law enforcement activity."¹⁹ The RFPA requires federal government agencies to provide individuals with advance notice of requested disclosures of personal financial information and gives individuals an opportunity to challenge the request before disclosure is made to law enforcement authorities.²⁰

The first NSL statute was passed in 1986 as an amendment to the RFPA. It created an exception to the advance notice requirement by permitting the FBI to obtain financial institution records in foreign

________________________________________
(cont'd.)

addition, the Patriot Reauthorization Act permits the NSL recipient to challenge compliance with the NSL and the non-disclosure requirement in federal court. In addition, the government may seek judicial enforcement of NSLs in the event of non-compliance.

¹⁷ See Letter from William E. Moschella, Assistant Attorney General, to L. Ralph Mecham, Director, Administrative Office of the United States Courts (April 28, 2006), at 3.

¹⁸ Id. In Chapter Four we describe the categories of NSL requests that are included and excluded from the public report.

¹⁹ H.R. Rep. No. 95-1383, at 33 (1978), reprinted in 1978 U.S.C.C.A.N. 9273, 9305. The RFPA was enacted in response to the Supreme Court's decision in United States v. Miller, 425 U.S. 435 (1976), which held that customers of banking services had no expectation of privacy under the Fourth Amendment and therefore could not contest government access to their records.

²⁰ 12 U.S.C. §§ 3401-3422 (2000).

counterintelligence cases. Before the Patriot Act, the FBI could issue RFPA NSLs upon certification of

specific and articulable facts giving reason to believe that the customer or entity whose records are sought is a foreign power or an agent of a foreign power. ...21

Since the Patriot Act, the FBI may obtain financial records upon certification that the information is sought

for foreign counterintelligence purposes to protect against international terrorism or clandestine intelligence activities, provided that such an investigation of a United States person is not conducted solely on the basis of activities protected by the first amendment to the Constitution of the United States.²²

In December 2003, Congress amended the RFPA to expand the definition of "financial institutions" to which NSLs could be issued, including entities such as rental car companies, automobile dealerships, credit unions, issuers of travelers' checks, pawnbrokers, and real estate companies.²³

The FBI can disseminate information derived from the RFPA national security letters only in accordance with the Attorney General Guidelines governing national security investigations and can disseminate such information to other federal agencies only if the information is clearly relevant to the authorized responsibilities of those federal agencies.²⁴

B. The Electronic Communications Privacy Act

In 1986, Congress enacted the Electronic Communications Privacy Act (ECPA), which extended statutory protection to electronic and wire communications stored by third parties such as telephone companies and Internet Service Providers.²⁵ The statute restricted the government's access to live telephone transactional data, such as the telephone numbers that a particular telephone number calls or received (known as "pen register" and

________________________________________
²¹ 12 U.S.C. § 3414(a)(5)(A) (2000).

²² 12 U.S.C. § 3414(a)(5)(A) (2000 & Supp. IV 2005). Financial records accessible to the FBI under the RFPA were also subject to compulsory process through subpoenas, search warrants, and formal requests, all of which, with limited exceptions, required notice to the customer.

²³ See 12 U.S.C. § 3414(d) (2000 & Supp. IV 2005), as amended by the Intelligence Authorization Act for Fiscal Year 2004, Pub. L. No. 108-77, § 374(a) (2004), which incorporated the definition of "financial institution" set forth in 31 U.S.C. §§ 5312(a)(2) and (c)(1).

²⁴ 12 U.S.C. § 3414(a)(5)(B) (2000).

²⁵ 18 U.S.C. § 2709 (1988).

"trap and trace" data). The ECPA required the government to obtain a court order for which it must certify the relevance of the information to an ongoing criminal investigation.²⁶ The statute requires that subjects of government requests for these records be given advance notice of the requested disclosure and an opportunity to challenge the request.

However, the ECPA allowed the FBI to obtain "subscriber information and toll billing records information, or electronic communication transactional records" from a "wire or electronic communications service provider" in conjunction with a foreign counterintelligence investigation. Before the Patriot Act, the FBI could obtain ECPA NSLs upon certification of

specific and articulable facts giving reason to believe that the person or entity to whom the information sought pertains is a foreign power or an agent of a foreign power. ...²⁷

Since the Patriot Act, the FBI must certify that the information sought is

relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities provided that such an investigation of a United States person is not conducted solely on the basis on activities protected by the first amendment to the Constitution of the United States.²⁶

In 1993, Congress expanded the ECPA NSL authority by permitting access to the subscriber' and toll billing records of additional persons, such as those who were in contact with agents of a foreign power.²⁹ Congress amended the ECPA again in 1996 by defining "toll billing records" to expressly include "local and long distance toll billing records. "30

Recipients of ECPA NSLs were prohibited until the Patriot Reauthorization Act from disclosing to any person that the FBI had sought or obtained the requested information.³¹

_________________________________________
²⁶ A "pen register" is a device that records the numbers that a target telephone is dialing. A "trap and trace" device captures the telephone numbers that dial a target telephone. See 18 U.S.C. § 3127 (2000).

²⁷ 18 U.S.C. § 2709(b)(1)(B) (2000).

28 18 U.S.C. § 2709(b)(2) (2000 & Supp. IV 2005).

²⁹ Pub. L. No. 103-142, § 2, 107 Stat. 1491 (1993). The 1993 amendment also provided additional congressional reporting requirements. Id.

³⁰ Intelligence Authorization Act for Fiscal Year 1997, Pub. L. No. 104-293, § 601(a), 110 Stat. 3461 (1996).

³¹ 18 U.S.C. § 2709(c) (2000).

The FBI may disseminate information obtained from ECPA NSLs to other federal agencies "only if such information is clearly relevant to the authorized responsibilities of such agency. "³²

The ECPA permits access only to "subscriber and toll billing records information" or "electronic communication transactional records," as distinguished from the content of telephone conversations or e-mail communications.³³

C. The Fair Credit Reporting Act

The Fair Credit Reporting Act (FCRA), as amended by the Patriot Act, authorizes two types of national security letters, FCRAu and FCRAv NSLs. The FCRA was enacted in 1970 to protect personal information collected by credit reporting agencies.³⁴ The FCRA prohibits the disclosure of information collected for the purpose of establishing eligibility for credit, insurance, employment, and other related purposes.

However, Congress amended the FCRA in 1996 to authorize the FBI (and certain other government agencies) to issue national security letters to obtain a limited amount of information about an individual's credit history: the names and addresses of all financial institutions at which a consumer maintains or has maintained an account pursuant, referred to as FCRAu NSLs; and consumer identifying information limited to name, address, former addresses, places of employment and former places of employment.³⁵ Before the Patriot Act, the FBI could obtain FCRA NSLs upon certification that

(1) such information is necessary for the conduct of an authorized foreign counterintelligence investigation; and
(2) there are specific and articulable facts giving reason to believe that the consumer -

(A) is a foreign power or a person who is not a United States person and is an official of a foreign power; or
(B) is an agent of a foreign power and is engaging or has engaged in an act of international terrorism or clandestine

_________________________________
³² 18 U.S.C. § 2709(d) (2000).

³³ 18 U.S.C. § 2709(a) (2000). ECPA requires a warrant for the interception and surveillance of the content of a telephone call or e-mail communication. See 18 U.S.C. §§ 2511 (Wiretap Act) and 3121 (Pen Register Act). See also 18 U.S.C. § 2702(b)(8) (2000).

³⁴ 15 U.S.C. § 1681 et seq (2000).

³⁵ Intelligence Authorization Act for Fiscal Year 1996, Pub. L. No. 104-93, § 601(a), 109 Stat. 961, codified at 15 U.S.C. § 1681u (Supp. V. 1999).

intelligence activities that involve or may involve a violation of criminal statutes of the United States.³⁶

Since the Patriot Act, the FBI must certify that the information is

sought for the conduct of an authorized investigation to protect against international terrorism or clandestine intelligence activities, provided that such an investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution of the United States.³⁷

In 2001, the Patriot Act amended the FCRA to add a new national security letter authority (FCRAv). The Patriot Act amendment to the FCRA authorizes the FBI and other government agencies that investigate or analyze international terrorism to obtain a consumer reporting agency's credit reports and "all other" consumer information in its files in accordance with the following provision:

[A] consumer credit agency shall furnish a consumer credit report of a consumer and all other information in a consumer's files to a government agency authorized to conduct investigations of, or intelligence or counterintelligence activities or analysis related to, international terrorism when presented with a written certification by such government agency that such information is necessary for the agency's conduct or such investigation, activity or analysis.³⁸

This NSL authority is available to the FBI only in connection with international terrorism investigations. Until the Patriot Reauthorization Act, recipients of FCRA NSLs were prohibited from disclosing to any person that the FBI had sought or obtained the requested information.

D. The National Security Act .

In 1994, in the wake of the espionage investigation of former Central Intelligence Agency employee Aldrich Ames, Congress enacted an additional NSL authority by amending the National Security Act of 1947. The amendment authorized NSLs to be issued in connection with investigations of improper disclosure of classified information by government employees.³⁹

______________________________________
³⁶ 15 U.S.C. § 1681u (2000).

³⁷ 15 U.S.C. § 1681u(a)-(b) (2000 & Supp. IV 2005).

³⁸ Patriot Act, § 358(g) (2001). Unlike other NSL statutes, the full credit report NSL authority is available not only to the FBI but also to other federal government agencies. This provision does not contain an express prohibition on dissemination.

³⁹ See H.R. Rep. No. 103-541 (1994) and H.R. Conf. Rep. No. 103-753 (1994), reprinted in 1994 U.S.C.C.A.N. 2703.

The statute permits the FBI to make requests to financial agencies and other financial institutions and consumer reporting agencies "in order to conduct any authorized law enforcement investigation, counterintelligence inquiry, or security determination."⁴⁰ Prior to the Patriot Reauthorization Act, recipients of National Security Act NSLs, like recipients of RFPA and ECPA NSLs, were prohibited from disclosing to any person that the FBI had sought or obtained the requested information, with some exceptions.

National Security Act NSLs are rarely used by the FBI.⁴¹

III. The Attorney General's Guidelines for FBI National Security Investigations and Foreign Intelligence Collection

National security letters may be issued by the FBI in connection with national security investigations, which are governed by Attorney General Guidelines.

During the time period covered by this report, calendar years 2003 through 2005, the Attorney General Guidelines for national security investigations were revised. From January 1, 2003, through October 31, 2003, investigations of international terrorism or espionage were governed by the Attorney General Guidelines for FBI Foreign Intelligence Collection and Foreign Counterintelligence Investigations (FCI Guidelines) (March 1999). Effective October 31, 2003, these investigations were conducted pursuant to the Attorney General's Guidelines for FBI National Security Investigations and Foreign Intelligence Collection (NSL Guidelines).⁴²

A. Levels of Investigative Activity under the FCI Guidelines (January 1, 2003 - October 31, 2003)

The FCI Guidelines authorized two levels of investigative activity: preliminary inquiries and full investigations. The FCI Guidelines identified the basis or "predicate" for opening each type of investigation as well as the authorized techniques permitted at each stage. Full foreign counterintelligence investigations permitted the FBI to gather information and conduct activities

to protect against espionage and other intelligence activities, sabotage, or assassinations conducted by, for or on behalf of

________________________________________
⁴⁰ 50 U.S.C. § 436(a)(1) (2000).

⁴¹ These NSLs were used to obtain bank account, credit card, and loan transaction information to support the predicate for the FBI's espionage investigation of Aldrich Ames. See Commission for Review of FBI Security Programs (March 31, 2002)(Webster Commission), at 66.

⁴² Both sets of Guidelines are partially classified.

foreign powers, organizations or persons, or international terrorist activities ....⁴³

The FCI Guidelines did not permit the FBI to use national security letters during preliminary inquiries, only during full investigations. However, following the September 11 attacks, the Attorney General authorized the use of NSLs during preliminary inquiries with prior approval by the Attorney General and the FBI Director.⁴⁴

B. Levels of Investigative Activity under the NSL Guidelines (October 31, 2003)

The NSL Guidelines issued on October 31, 2003, which remain in effect today, authorize the FBI to conduct investigations concerning threats or potential threats to the national security, including threats arising from international terrorism, espionage, other intelligence activities, and foreign computer intrusions. The NSL Guidelines authorize three levels of investigative activity - threat assessments, preliminary investigations, and full investigations - and prescribe the investigative techniques available during each investigative stage.

Threat Assessments: Under the NSL Guidelines, the FBI is authorized to conduct threat assessments

The NSL Guidelines do not permit the FBI to issue national security letters during a threat assessment.

Preliminary Investigations: Under the NSL Guidelines, a preliminary investigation (previously known as a "preliminary inquiry") can be initiated or "opened" by certain Headquarters officials or by a field office with the approval of certain field supervisors. A preliminary investigation can be opened when there is information or an allegation indicating the existence of one of several identified circumstances. In preliminary investigations, FBI

_______________________________________
⁴³ FCI Guidelines, § II(D).

⁴⁴ In January 2003, the Attorney General issued a memorandum modifying the FCI Guidelines by authorizing designated Headquarters officials and Special Agents in Charge designated by the FBI Director to issue ECPA, RFPA, and FCRAu NSLs during preliminary inquiries.

⁴⁵ NSL Guidelines, § II(A). The authorized techniques permitted during threat assessments are classified.

agents are authorized to employ the activities and techniques permitted to be used during threat assessments as well as certain other investigative techniques, including the issuance of national security letters.⁴⁶

Full Investigations: Under the NSL Guidelines, full investigations may be opened when there are "specific and articulable facts giving reason to believe that a threat to the national security may exist."⁴⁷ During these investigations, FBI agents are authorized to employ the activities and techniques permitted to be used during threat assessments and preliminary investigations, as well as certain other investigative techniques.⁴⁸ National security letters are permitted to be used during full investigations.

The NSL Guidelines also provide guidance concerning the selection of authorized techniques during different investigative stages:

Choice of Methods. The conduct of investigations authorized by these Guidelines may present choices between the use of information collection methods that are more or less intrusive, considering such factors as the effect on the privacy of individuals and potential damage to reputation. As Executive Order 12333 § 2.4 provides, "the least intrusive collection techniques feasible" are to be used in such situations. It is recognized, however, that the choice of techniques is a matter of judgment. The FBI shall not hesitate to use any lawful techniques consistent with these Guidelines, even if intrusive, where the degree of intrusiveness is warranted in light of the seriousness of a threat to the national security or the strength of the information indicating its existence. This point is to be particularly observed in investigations relating to terrorism.⁴⁹

IV. The Role of FBI Headquarters and Field Offices in Issuing and Using National Security Letters

We describe below the responsibilities of Headquarters and field divisions assigned to conduct or support the FBI's investigative and intelligence activities in national security investigations.

A. FBI Headquarters

During most of the period of this review, three FBI Headquarters divisions were responsible for supervising the FBI's counterterrorism,

________________________________
⁴⁶ The additional techniques permitted during preliminary investigations are classified.

⁴⁷ NSL Guidelines, Introduction, A.

⁴⁸ The additional techniques permitted during full investigations are classified.

⁴⁹ NSL Guidelines, § I(M).

counterintelligence, and cyber programs: the Counterterrorism Division, Counterintelligence Division, and Cyber Division. These programs were implemented through the counterterrorism, counterintelligence, and cyber squads in the FBI's 56 domestic field divisions and through the establishment of operational support sections within the Headquarters divisions.

1.   Counterterrorism Division
The division's mission is to identify and disrupt potential terrorist plots, freeze terrorist finances, share information with law enforcement and intelligence partners world-wide, and provide strategic and operational threat analysis to the intelligence community. Agents assigned to counterterrorism squads use information derived from national security letters to analyze non-content telephone and Internet communications, financial records, financial institution and consumer-identifying information, and consumer full credit reports.
2.   Counterintelligence Division
The division's mission involves counterproliferation, counterespionage, and protection of critical national assets. Agents assigned to counterintelligence squads use information obtained from national security letters to analyze non-content telephone and Internet communications, financial records, and financial institution and consumer-identifying information.
3.   Cyber Division
The division's mission is to protect the United States against cyber-based attacks and high technology crimes. Its agents provide support for computer-related counterterrorism and counterintelligence investigations with an international nexus, including foreign computer intrusion cyber investigations.
4.   Directorate of Intelligence
The directorate's mission is to meet current and emerging national security and criminal threats by assuring that the FBI proactively targets threats to the United States; providing useful, appropriate, and timely information and analysis; and building and sustaining FBI-wide intelligence policies and capabilities. The directorate has no officials who are authorized to sign national security letters. However, during the period covered by our review the field-based Field Intelligence Groups, which report to this directorate, performed significant analytical work on data derived from national security letters in support of the FBI's counterterrorism, counterintelligence, and cyber programs. The directorate also serves as the FBI's primary liaison for dissemination and receipt of intelligence

information outside the FBI and has the final review authority over intelligence products to be disseminated outside the FBI, including information derived from national security letters.

5. Office of the General Counsel (FBI-OGC)

The National Security Law Branch (NSLB) of FBI-OGC provides legal advice, guidance, and training on the FBI's use of national security letter authorities; collects data on NSL usage from Headquarters and field divisions for purposes of preparing the Department's required reports to Congress; prepares NSLs for the signatures of the General Counsel, the Deputy General Counsel for NSLB, and certain Headquarters officials; provides technical support regarding retention and dissemination of NSL-derived information; identifies, evaluates, and corrects misuse of NSL authorities; evaluates possible Intelligence Oversight Board (IOB) violations reported by field and Headquarters personnel and reports some of these matters to the President's Foreign Intelligence Oversight Board; and develops legislative proposals and responds to congressional requests for information about the FBI's use of its NSL authorities.

B. FBI Field Divisions

The FBI's 56 field divisions have counterterrorism, counterintelligence, and cyber squads that investigate cases related to national security threats or potential threats. Field supervisors are authorized to initiate counterterrorism, counterintelligence, and cyber investigations, and Special Agents in Charge are authorized to sign national security letters. Additional FBI and non-FBI field personnel who are responsible for reviewing and analyzing information obtained through national security letters are:

1. Chief Division Counsel

Chief Division Counsel (CDCs) in all 56 FBI field divisions report to the Special Agents in Charge of the field division and are responsible for reviewing all national security letters prepared for the signature of the Special Agent in Charge. CDCs in large field divisions sometime delegate this authority to Assistant Division Counsel. The responsible Chief Division Counsel or Assistant Division Counsel examines approval documents and the draft national security letters for legal sufficiency, corrects errors, seeks additional information when needed, and forwards the approval package to the Special Agent in Charge. CDCs also provide training to agents serving on counterterrorism, counterintelligence, and cyber squads, provide advice on how to address legal issues arising from the use of NSL authorities, and assist case agents in reporting possible IOB violations arising from the use of these authorities to FBI-OGC.

2. Field Intelligence Groups

Field Intelligence Groups (FIG) were established in all 56 field divisions by October 2003. They include special agents, intelligence analysts, language analysts, and special surveillance groups. FIG personnel conduct intelligence analyses, direct the collection of information to fill intelligence gaps, and are responsible for disseminating intelligence products to internal and external customers, including state and local law enforcement. FIG personnel analyze information derived from national security letters, often relating it to other cases within the field division and other field divisions. The intelligence directorate's Field Oversight Unit develops, supports, and provides oversight of the FIGs, which are managed in each field division by an Assistant Special Agent in Charge.

source: PDF at DOJ website 34 MB 9mar2007
index page: www.usdoj.gov/oig/reports/FBI/index.htm

To send Mindfully.org your comments, questions, and suggestions click here
The home page of this website is www.mindfully.org
Please see our Fair Use Notice

malignant mesothelioma Medifast Coupons