NSL Abuse Doesn’t Violate Constitution, FBI Official Tells Subcommittee

Subcommittee Chairman Jerrold Nadler, D-N.Y., said 2005 changes to the Patriot Act technically let courts modify NSLs but require courts to take a government assertion of harm from disclosure at “face value,” removing accountability. Nadler’s NSL Reform Act, HR-3189, would require the government to show “specific and articulable facts” that the records sought under an NSL involve a foreign power or its agent. The bill also would put a time limit and renewal periods on gag orders and notify the targets of NSLs before evidence from them goes to court. The gag-order provision recently was struck down as unconstitutional in one federal court (WID Sept 7 p1).

Ranking Member Trent Franks, R-Ariz., said the bill would make NSLs no more effective than they were before the Sept. 11 attacks, calling them a “failed model based on criminal prosecutions alone.” The 4th Amendment doesn’t protect business records held by third parties, he said, adding that under the bill terrorists would have more protections than garden-variety criminals. Fine’s update last month found only “administrative errors” in the FBI’s NSL practices, he said.

The FBI and DoJ have made significant progress in adopting previous IG recommendations, Fine said. These include instituting a new tracking system, guidance memos and mandatory training. But a DoJ working group’s initial proposal for analyzing use of NSLs lacked basic rules for tagging information or minimizing use of data, he said. FBI case files showed NSL misuse at 9 percent, exceeding the IG’s estimate, he said. It’s too early to say if FBI corrective action will fix the abuses, Fine said.

FBI General Counsel Valerie Caproni noted that Fine’s report found no “deliberate or intentional misuse” of NSL authority, just “inadequate controls.” Most errors came from third parties who gave the agency more than the NSL requested, Caproni said. The FBI is “cleaning up” old habits of unauthorized use of emergency-only exigent letters, and seeking to stop use of “blanket” NSLs making overly broad demands, she said. But some records may have relevance to the FBI that’s not immediately apparent -- and assessing that relevance is a “laborious, time-consuming process,” she said.

Caproni didn’t know why her request to report an NSL misuse to the Intelligence Oversight Board apparently didn’t go through, she said. That occurred after a Washington Post article on an NSL for North Carolina State University educational records, which the law doesn’t cover. Caproni confirmed that the FBI sought and received the records through a grand-jury subpoena and said a “miscommunication” may have led to the failure to report the NSL misuse. The Electronic Frontier Foundation Tuesday said it received documents under a FOIA request showing that top FBI officials knew about the improper NSL from the start.

Nadler and Caproni differed on the constitutional implications of an NSL violation. It doesn’t involve the “fruit of the poisonous tree” doctrine requiring exclusion of evidence gathering based on information obtained illegally, Caproni told Nadler. Business records don’t trigger 4th Amendment scrutiny and consumers have no legitimate privacy interest in what they give third parties, she said. Caproni said that third parties must release records only after the “appropriate process” has been followed.

The FBI needs no outside authority to review NSL requests, Caproni said, citing congressionally mandated IG reports and the FBI’s own legal reviews brought on by the IG’s 2007 report. Rep. Bobby Scott, D-Va., said review amounts to FBI employees “checking and balancing themselves” in the same coercive environment indicted in the disputed firing of several U.S. attorneys. Caproni said agency lawyers won’t sign off on NSLs unless they pertain to relevant information.

Bill Feared as Rebuilding Intelligence ‘Wall’

So-called transactional records obtained via NSL include “extremely sensitive” data, said Jameel Jaffer, director of the ACLU’s National Security Project, on a second panel. ISPs can be compelled to identify a subscriber or even an anonymous Internet poster, “two or three steps away” from the actual government target, he said. The ACLU is representing an NSL recipient who remains under an FBI gag order though the agency dropped its NSL a year ago, Jaffer said.

The FBI hasn’t explained well why it simply can’t use grand-jury subpoenas to get the same information, under a lower standard, that it gets with NSLs, said Bruce Fein, a former Reagan Administration associate deputy attorney general. Internal reviews to curb NSL abuse are toothless, he said. “You don’t need to have an explicit order in the bureaucracy to know where to come out” on evaluating NSL requests. David Kris, another former associate deputy attorney general, said Nadler’s bill should go further, eliminating NSLs and creating a single law for “national security subpoenas” with “rigorous minimization procedures.” Today’s law is “intricate and idiosyncratic,” Kris said.

But Michael Woods, former chief of the FBI National Security Law Unit, said transactional data were “probably one of our best hopes” for detecting terror attack plans. He told Franks no “specific and articulable facts” -- the standard in Nadler’s bill -- exist on which to base counterterror NSLs. The FBI only wants rules “roughly equivalent” to those for criminal prosecutions, he said. The Nadler standard isn’t very high in the first place, Jaffer said, noting that the FBI need only give a plausible reason for getting customer data. Fein cited a Michigan ruling against the government in which the U.S. said that the court wouldn’t be able to understand its rationale for records using that standard.

Woods said he also worried that Nadler’s bill could rebuild the “wall” between intelligence and law enforcement in sharing data obtained through NSLs. NSL rules, though, “have to inspire confidence in the American public,” he said, adding that Nadler’s bill is fine otherwise.