FBI Finds It Frequently Overstepped in Collecting Data
Thursday, June 14, 2007
An internal FBI audit has found that the bureau potentially violated the law or agency rules more than 1,000 times while collecting data about domestic phone calls, e-mails and financial transactions in recent years, far more than was documented in a Justice Department report in March that ignited bipartisan congressional criticism.
The new audit covers just 10 percent of the bureau's national security investigations since 2002, and so the mistakes in the FBI's domestic surveillance efforts probably number several thousand, bureau officials said in interviews. The earlier report found 22 violations in a much smaller sampling.
The vast majority of the new violations were instances in which telephone companies and Internet providers gave agents phone and e-mail records the agents did not request and were not authorized to collect. The agents retained the information anyway in their files, which mostly concerned suspected terrorist or espionage activities.
But two dozen of the newly-discovered violations involved agents' requests for information that U.S. law did not allow them to have, according to the audit results provided to The Washington Post. Only two such examples were identified earlier in the smaller sample.
FBI officials said the results confirmed what agency supervisors and outside critics feared, namely that many agents did not understand or follow the required legal procedures and paperwork requirements when collecting personal information with one of the most sensitive and powerful intelligence-gathering tools of the post-Sept. 11 era -- the National Security Letter, or NSL.
Such letters are uniformly secret and amount to nonnegotiable demands for personal information -- demands that are not reviewed in advance by a judge. After the 2001 terrorist attacks, Congress substantially eased the rules for issuing NSLs, requiring only that the bureau certify that the records are "sought for" or "relevant to" an investigation "to protect against international terrorism or clandestine intelligence activities."
The change -- combined with national anxiety about another domestic terrorist event -- led to an explosive growth in the use of the letters. More than 19,000 such letters were issued in 2005 seeking 47,000 pieces of information, mostly from telecommunications companies. But with this growth came abuse of the newly relaxed rules, a circumstance first revealed in the Justice Department's March report by Inspector General Glenn A. Fine.
"The FBI's comprehensive audit of National Security Letter use across all field offices has confirmed the inspector general's findings that we had inadequate internal controls for use of an invaluable investigative tool," FBI General Counsel Valerie E. Caproni said. "Our internal audit examined a much larger sample than the inspector general's report last March, but we found similar percentages of NSLs that had errors."
"Since March," Caproni added, "remedies addressing every aspect of the problem have been implemented or are well on the way."
Of the more than 1,000 violations uncovered by the new audit, about 700 involved telephone companies and other communications firms providing information that exceeded what the FBI's national security letters had sought. But rather than destroying the unsolicited data, agents in some instances issued new National Security Letters to ensure that they could keep the mistakenly provided information. Officials cited as an example the retention of an extra month's phone records, beyond the period specified by the agents.
Case agents are now told that they must identify mistakenly produced information and isolate it from investigative files. "Human errors will inevitably occur with third parties, but we now have a clear plan with clear lines of responsibility to ensure errant information that is mistakenly produced will be caught as it is produced and before it is added to any FBI database," Caproni said.
The FBI also found that in 14 investigations, counterintelligence agents using NSLs improperly gathered full credit reports from financial institutions, exercising authority provided by the USA Patriot Act but meant to be applied only in counterterrorism cases. In response, the bureau has distributed explicit instructions that "you can't gather full credit reports in counterintelligence cases," a senior FBI official said.