washingtonpost.com
Report Details Missteps in Data Collection

By R. Jeffrey Smith
Washington Post Staff Writer
Saturday, March 10, 2007

Over a three-year period ending in 2005, the FBI collected intimate information about the lives of a population roughly the size of Bethesda's -- 52,000 -- and stored it in an intelligence database accessible to about 12,000 federal, state and local law enforcement authorities and to certain foreign governments.

The FBI did so without systematically retaining evidence that its data collection was legal, without ensuring that all the data it obtained matched its needs or requests, without correctly tallying and reporting its efforts to Congress, and without ferreting out all of its abuses and reporting them to an intelligence oversight board.

These are the conclusions of the Justice Department's uncontested examination of one of the most sensitive and widely used intelligence-gathering tools of the post-Sept. 11 era -- the national security letter (NSL). A report released yesterday by the department's Office of the Inspector General offers the first official glimpse into the use of that impressive tool, and the results, according to the report, are not pretty.

"We believe," the inspector general's office said in a summary of whether and how often the tool might have jeopardized the privacy of U.S. residents, "that a significant number of NSL-related violations are not being identified or reported by the FBI."

The 199-page report, which Congress ordered the inspector general's office to produce over the Justice Department's objections, does not accuse the FBI of deliberate lawbreaking. But it depicts the bureau's 56 field offices and headquarters as paying little heed to the rules, and misunderstanding them, as they used the USA Patriot Act and three other laws to request the telephone records, e-mail addresses, and employment and credit histories of people deemed relevant to terrorism or espionage investigations.

Congress significantly lowered the threshold for the government to obtain such information after the 2001 terrorism attacks, producing what the FBI itself reported as at least a fivefold increase in annual requests. Its tally cited 39,000 requests in 2003, 56,000 in 2004 and 47,000 in 2005 -- involving a total of 24,937 "U.S. persons" (including citizens and green-card holders) and 27,262 foreigners in the United States. In 2004, nine letters alone requested telephone-subscriber information on 11,100 phone numbers.

The inspector general's report discloses, however, that these numbers understated the FBI's use of national security letters to collect data. After checking 77 investigative case files at four FBI field offices, investigators found that those offices had "significantly" underreported the number of requests they had made and that, in this small subset alone, the real number was 22 percent higher.

The FBI also did not keep correct records of the investigations to which these requests were linked, according to the inspector general's report. Its agents did not always obtain the correct, internal authorization for those requests; they made typographical errors in listing key telephone numbers and e-mail addresses; they sought information the laws did not permit them to have; and they were given little to no policy guidance on what they could request or when to report mistakes and abuses, the report said.

"I think it shows that the bureau has failed to comply with the very minimal requirements that the law imposes on the use of this authority, and underscores the problem that arises when an investigative agency can unilaterally exercise such an invasive power," said David Sobel, senior counsel at the Electronic Frontier Foundation, a nonprofit advocacy group.

Although the FBI's tally throughout the period studied understated the proportion of U.S. persons targeted by the letters, a trend was evident: National security letters -- which are not subject to judicial review or public disclosure and were initially conceived as useful tools against suspicious foreign nationals -- were used increasingly by the FBI to collect data on U.S. citizens and green-card holders, the report said.

Moreover, these requests were frequently the leading edge of even more intense federal scrutiny, according to the report. Many FBI officials told investigators that an important use of the collected data was to support court "applications for electronic surveillance, physical searches, pen register/trap and trace orders."

"Many FBI personnel used terms to describe NSLs such as 'indispensable' and 'our bread and butter,' " the report said. "Once information is obtained in response to a national security letter, it is indefinitely retained and retrievable" by authorized personnel, the report noted.

The tens of thousands of data-collection requests have produced few criminal charges directly related to terrorism or espionage, according to the inspector general's report. About half of the FBI's field offices did not refer any of those targeted by such requests to prosecutors, the report said, and the most common charges cited by others were fraud, immigration violations and money laundering.

Commercial firms and institutions, which face court action and contempt fines if they do not comply with data-collection requests, were generally exceptionally eager to do so, the report said.

In 19 of the 26 instances in which the FBI itself found a possible violation of the rules during this period, the recipient of such letters "provided more information than was requested or provided information on the wrong person," according to the report. In other instances of abuse discovered by the office of the inspector general, the FBI received "unauthorized information," such as unrequested telephone billing records or e-mail information for longer periods than the bureau sought, the report said.

But the field office errors were small compared with what the report described as major abuses by counterterrorism officials at FBI headquarters.

For example, the FBI on 739 occasions used secret contracts with three telephone companies to obtain records related to 3,000 phone numbers after asserting -- in most instances -- that the records were needed because of "exigent circumstances" and promising that requests for subpoenas had already been sent to U.S. attorney's offices.

In fact, many of these claims were false, according to the report: The letters were mostly used in "non-emergency circumstances"; no documentation existed of a connection to "pending national security investigations"; and "subpoenas requesting the information had not been provided to the U.S. Attorney's Office before the letters were sent."

In a second abuse, the headquarters staff sent 300 requests for data "in connection with a classified special project" without tying the requests to specific investigations, a violation of internal FBI rules, the inspector general's report said.

Staff researcher Madonna Lebling contributed to this report.

View all comments that have been posted about this article.

© 2007 The Washington Post Company