FBI Finds It
Frequently Overstepped in Collecting Data
Washington Post | June 14, 2007
By John Solomon
An internal
FBI audit has
found that the bureau potentially violated the law or agency rules
more than 1,000 times while collecting data about domestic phone
calls, e-mails and financial transactions in recent years, far more
than was documented in a
Justice Department
report in March that ignited bipartisan congressional criticism.
The new audit
covers just 10 percent of the bureau's national security
investigations since 2002, and so the mistakes in the FBI's domestic
surveillance efforts probably number several thousand, bureau
officials said in interviews. The earlier report found 22 violations
in a much smaller sampling.
The vast majority
of the new violations were instances in which telephone companies
and Internet providers gave agents phone and e-mail records the
agents did not request and were not authorized to collect. The
agents retained the information anyway in their files, which mostly
concerned suspected terrorist or espionage activities.
But two dozen
of the newly-discovered violations involved agents' requests for
information that U.S. law did not allow them to have, according to
the audit results provided to
The Washington Post.
Only two such examples were identified earlier in the smaller
sample.
FBI officials said
the results confirmed what agency supervisors and outside critics
feared, namely that many agents did not understand or follow the
required legal procedures and paperwork requirements when collecting
personal information with one of the most sensitive and powerful
intelligence-gathering tools of the post-Sept. 11 era -- the
National Security Letter, or NSL.
Such letters are
uniformly secret and amount to nonnegotiable demands for personal
information -- demands that are not reviewed in advance by a judge.
After the 2001 terrorist attacks, Congress substantially eased the
rules for issuing NSLs, requiring only that the bureau certify that
the records are "sought for" or "relevant to" an investigation "to
protect against international terrorism or clandestine intelligence
activities."
The change --
combined with national anxiety about another domestic terrorist
event -- led to an explosive growth in the use of the letters. More
than 19,000 such letters were issued in 2005 seeking 47,000 pieces
of information, mostly from telecommunications companies. But with
this growth came abuse of the newly relaxed rules, a circumstance
first revealed in the Justice Department's March report by
Inspector General Glenn A. Fine.
"The FBI's
comprehensive audit of National Security Letter use across all field
offices has confirmed the inspector general's findings that we had
inadequate internal controls for use of an invaluable investigative
tool," FBI General Counsel Valerie E. Caproni said. "Our internal
audit examined a much larger sample than the inspector general's
report last March, but we found similar percentages of NSLs that had
errors."
"Since March,"
Caproni added, "remedies addressing every aspect of the problem have
been implemented or are well on the way."
Of the more than
1,000 violations uncovered by the new audit, about 700 involved
telephone companies and other communications firms providing
information that exceeded what the FBI's national security letters
had sought. But rather than destroying the unsolicited data, agents
in some instances issued new National Security Letters to ensure
that they could keep the mistakenly provided information. Officials
cited as an example the retention of an extra month's phone records,
beyond the period specified by the agents.
Case agents are now
told that they must identify mistakenly produced information and
isolate it from investigative files. "Human errors will inevitably
occur with third parties, but we now have a clear plan with clear
lines of responsibility to ensure errant information that is
mistakenly produced will be caught as it is produced and before it
is added to any FBI database," Caproni said.
The FBI also
found that in 14 investigations, counterintelligence agents using
NSLs improperly gathered full credit reports from financial
institutions, exercising authority provided by the
USA Patriot
Act but meant to be applied only in counterterrorism cases. In
response, the bureau has distributed explicit instructions that "you
can't gather full credit reports in counterintelligence cases," a
senior FBI official said.
In 10 additional investigations,
FBI agents used NSLs to request other information that the relevant
laws did not allow them to obtain. Officials said that, for example,
agents might have requested header information from e-mails -- such
as the subject lines -- even though NSLs are supposed to be used to
gather information only about the e-mails' senders and the
recipients, not about their content.
The FBI audit also identified
three dozen violations of rules requiring that NSLs be approved by
senior officials and used only in authorized cases. In 10 instances,
agents issued National Security Letters to collect personal data
without tying the requests to specific, active investigations -- as
the law requires -- either because, in each case, an investigative
file had not been opened yet or the authorization for an
investigation had expired without being renewed.
FBI officials said the audit found
no evidence to date that any agent knowingly or willingly violated
the laws or that supervisors encouraged such violations. The Justice
Department's report estimated that agents made errors about 4
percent of the time and that third parties made mistakes about 3
percent of the time, they said. The FBI's audit, they noted, found a
slightly higher error rate for agents -- about 5 percent -- and a
substantially higher rate of third-party errors -- about 10 percent.
The officials said they are making
widespread changes to ensure that the problems do not recur. Those
changes include implementing a corporate-style, continuous, internal
compliance program to review the bureau's policies, procedures and
training, to provide regular monitoring of employees' work by
supervisors in each office, and to conduct frequent audits to track
compliance across the bureau.
The bureau is also trying to
establish for NSLs clear lines of responsibility, which were lacking
in the past, officials said. Agents who open counterterrorism and
counterintelligence investigations have been told that they are
solely responsible for ensuring that they do not receive data they
are not entitled to have.
The FBI audit did not turn
up new instances in which another surveillance tool known as an
Exigent Circumstance Letter had been abused, officials said. In a
finding that prompted particularly strong concerns on
Capitol Hill,
the Justice Department had said such letters -- which are similar to
NSLs but are meant to be used only in security emergencies -- had
been invoked hundreds of times in "non-emergency circumstances" to
obtain detailed phone records, mostly without the required links to
active investigations.
Many of those letters were
improperly dispatched by the bureau's Communications Analysis Unit,
a central clearinghouse for the analysis of telephone records such
as those gathered with the help of "exigent" letters and National
Security Letters. Justice Department and FBI investigators are
trying to determine if any FBI headquarters officials should be held
accountable or punished for those abuses, and have begun advising
agents of their due process rights during interviews.
The FBI audit will be completed in
the coming weeks, and Congress will be briefed on the results,
officials said. FBI officials said each potential violation will
then be extensively reviewed by lawyers to determine if it must be
reported to the Intelligence Oversight Board, a presidential panel
of senior intelligence officials created to safeguard civil
liberties.
The officials said the final tally
of violations that are serious enough to be reported to the panel
might be much less than the number turned up by the audit, noting
that only five of the 22 potential violations identified by the
Justice Department's inspector general this spring were ultimately
deemed to be reportable.
"We expect that percentage will
hold or be similar when we get through the hundreds of potential
violations identified here," said a senior FBI official, who spoke
on the condition of anonymity because the bureau's findings have not
yet been made public.
|