National Security Letter Report Prompts Outrage from Hill, Activists

Recipients of such FBI demands can’t reveal NSLs’ existence. Targeted librarians described their experiences with NSLs in 2006 after the govt. lost its case to keep a gag order on them, and they complained the NSL provision kept them from influencing Hill debate on Patriot Act reauthorization (WID May 31/06 p5).

Senate Judiciary Committee Chmn. Leahy (D-Vt.) promised “extensive hearings” on the findings -- Dir. Robert Mueller is to testify this month -- and “possible remedies.” “These improper and illegal violations might all be continuing if it were not for the sunshine provisions” in the Patriot Act, Leahy said in a statement. NSLs can do “great harm to innocent people,” who “have a right to expect that the government follows the law,” he said.

“Many of us have been saying that the potential for abuse” of NSL procedure is “almost without limit,” House Judiciary Chmn. Conyers (D-Mich.) said in a statement, also promising hearings. He said “false information” on NSL use, given to Congress by DoJ, led to Patriot Act reauthorization, and said the IG report found 4,600 NSL requests unreported to Congress.

Late Guidelines Caused FBI Errors

FBI staff reported a majority (26) of the flagged NSL incidents to the Bureau’s NSL tracking database (FBI-OGC) in the general counsel’s office, the IG said. Most (19) involved recipients providing more material than sought or information on the wrong person, due to FBI “typographical” errors or recipient errors. The rest were issued without meeting the relevant NSL statute’s requirements or whose underlying investigations weren’t approved. Virtually all incidents (22) were from FBI error, which “demonstrated FBI agents’ unfamiliarity with the constraints on NSL authorities,” the IG said. Third-party errors included providing voice messages, e-mail and other prohibited content.

About 1 investigative file in 5 the IG reviewed in 4 field offices had unreported NSL violations (17 of 77). Those files contained 293 NSLs, of which 22 involved possible violations. Most NSLs either involved receipt of unauthorized information (10) or improper requests under the Fair Credit Reporting Act (9), although the proportion of FBI-to-3rd-party errors was closer (12 to 10).

Using “exigent letters” -- meant for emergency use only -- the FBI got subscriber information or billing records from 3 phone companies more than 700 times. The letters were signed by people not authorized to sign NSLs. They were missing documentation connecting them to FBI investigations, and the FBI frequently failed to send NSLs after the exigent letters, violating the Electronic Communications Privacy Act (ECPA), the report said. NSLs can’t be used outside national security investigations, but 300-plus were issued from unauthorized “control files” for information from phone companies and ISPs.

Errors flowed from “confusion about the authorities available under the various NSL statutes,” the IG said, absolving agents of “criminal misconduct” and saying in “most cases” they could have gotten the same information through proper procedure. Agents failed to cross-check NSL submissions with approval documents or verify that received information matched requests. The FBI only released comprehensive guidance on “NSL-related infractions” in Nov., which likely explains the high error rate, the report said. Agents frequently didn’t know what encompassed “toll billing records information” in the ECPA NSL provision, and the FBI- OGC database didn’t specify whether NSL targets or other people were the subjects of the underlying investigations.

The IG believes the actual number of NSL requests is “significantly higher” than the 143,000 recorded in the OGC database. A sample of its 4-office review found about 1 in 5 more NSLs and NSL requests than would be expected in the database, which frequently held inaccurate information, the report said. Recommendations by the IG include: (1) Create a control file in which authorized personnel can keep signed copies of NSLs. (2) Improve the timeliness and breadth of material added to the OGC database. (3) Provide more guidance to field offices on identifying possible violations. (4) Tighten ECPA’s “billing records” definition. (5) Limit use of exigent letters.

Gonzales Blames ‘Sloppy’ Work, Members Blame Him

“There is no excuse for the mistakes that have been made and we are going to make things right as quickly as possible,” Gonzalez said regarding the NSL report Fri. “It’s an example of where we fell short of our ultimate goal,” he told the International Assn. of Privacy Professionals conference in Washington, blaming the lapses on “shortcuts” and “sloppy” work. But the IG report “didn’t dispute the fact that NSLs are extremely useful,” Gonzales said: “It’s essential that we have the ability to gather information in this way.” Gonzalez blamed the incidents detailed in the IG report to “confusion about the rules” and “lack of sufficient oversight,” not “intentional wrongdoing.” The govt. is “committed” to fighting terror and protecting privacy but also “imperfect,” he said.

The DoJ National Security Div. and its Civil Liberties office will work with the FBI reviewing NSLs to provide a “new level of oversight,” he said. But it can’t be fixed overnight, Gonzales said, asking the public not to “rush to judgment and allow corrective measures to work.” In a press conference later, Gonzalez called the report “very upsetting.” When asked if he would consider resigning or ask Mueller to step down, Gonzalez said: “We still need to get a better idea of what happened… I'm not comfortable with where we are today.”

Mueller promised “additional corrective measures” on NSL use in a statement. He called the findings “unacceptable,” saying “while we've already taken some steps to address these shortcomings, I am ordering additional corrective measures to be taken immediately.” Steps include “strengthening internal controls,” improving NSL approval oversight and barring “certain practices” the IG identified, and “an expedited inspection,” an FBI statement said.

But the IG report “found no deliberate or intentional misuse of authorities,” acknowledged the role of the FBI’s “major reorganization” since 9/11 and the Counterterrorism Div.’s “extraordinary workload,” and cited instances in which NSLs proved “the basic building blocks… of investigations,” the FBI said. When the Bureau learns it inappropriately gets information through NSLs, that information will be “sealed, sequestered, and where appropriate, destroyed,” and employees will be disciplined “if appropriate,” the statement said. Mueller agrees with the IG’s recommendations, he said.

Bipartisan outrage greeted the report. “The days of Congress giving this Administration a blank check are over,” Senate Majority Leader Reid (D-Nev.) said. House Speaker Pelosi (D-Cal.) called Bush and the previous Congress “delinquent in oversight” of the NSL process, vowing Congress under Democrats “will meet that obligation.” “It is not enough for this Administration to claim that it is upset by today’s disclosures,” House Majority Leader Steny Hoyer said, telling Bush to “hold the appropriate officials accountable for what happened” and prevent a recurrence. Gonzales and Mueller “bear some responsibility here,” Sen. Sununu (R-N.H.) said: “When you have a problem of this magnitude, there is obviously… a failure of supervision, management, and frankly of leadership.”

The NSL under-reporting probably isn’t criminal, but “it’s plain the Administration has been playing fast and loose with the facts,” Lisa Graves, deputy dir. of the Center for National Security Studies, told us. The extent of misrepresentation gives Congress a further “mandate to get to the bottom of this,” she said, because the problem goes past gross violation of privacy. It’s a security problem, since time and money spent gathering information from average Americans is time and money that could be spent catching “bad guys,” she said. A broad array of entities can be subjected to NSLs: Telcos, cable companies, banks, credit companies, any ISP, car dealers, the U.S. Postal Service and others.

The controversy likely will mean “serious hearings in both houses” of Congress, Graves said, with legislation a distinct possibility. Once pro-privacy legislation might have been a non-starter, but the tide seems to be turning, she said. “Certainly no one would have predicted a filibuster of the Patriot Act” last year, she said, adding that recent “non-partisan” legislation introduced by Sens. Feingold (D-Wis.) and Craig (R-Ida.) has a chance of passing it wouldn’t have before.

The report’s findings deserve “more than just a cursory examination,” the Electronic Frontier Foundation said in a statement. “This is not simply about errors in ‘oversight,'” senior staff attorney Lee Tien said: “This report shows that [the] Patriot [Act] is a bad law with terrible implications for Americans’ privacy.” “As long as FBI agents are permitted to demand personal information without obtaining any judicial approval, problems will persist,” said Center for Democracy & Technology Policy Dir. Jim Dempsey, calling for “meaningful oversight” from Congress in lieu of a DoJ “fix.”

“One can hardly be surprised when you take off all the safety features of a law and bad things happen,” George Washington U. law professor Jon Turley told us. Members of both parties ignored warnings that Patriot Act changes making the standard for getting information “remarkably low” were invitations to arbitrary and capricious use of NSLs, Turley said: “It’s amazing how cavalier these agents became the minute they didn’t have to answer to anyone.” The controversy’s emergence within a week of another Patriot Act fracas, over the firings of U.S. attorneys, shows “how poorly” Congress has handled oversight with respect to that law, he said.

Turley predicted Congress would act more decisively than in the previous surveillance controversy, in part because it would be “more politically palpable.” This type of privacy violation “is the type of thing citizens would understand,” while the NSA surveillance controversy lay more in a “political gray area,” he said.