The Department of Justice (DOJ) Office of the Inspector General (OIG) announced today the public release of a June 2016 report examining the Federal Bureau of Investigation's (FBI) use of the investigative authority granted by Section 215 of the Patriot Act between 2012 and 2014. Section 215 is often referred to as the Foreign Intelligence Surveillance Act (FISA) "business records" provision. This report, which was mandated by the USA Freedom Act of 2015, is the DOJ OIG’s fourth review of the FBI's use of FISA business records. Three previous reports issued in March 2007, March 2008, and May 2015 addressed the FBI's use of Section 215 authority between 2002 and 2009. A classified version of the report released publicly today was submitted to Congress and DOJ leadership when it was completed in June, and is being released publicly today upon completion of a classification review by the FBI and the Intelligence Community.
As described in the report released today, from 2012 through 2014 the DOJ, on behalf of the FBI, submitted 561 Section 215 applications to the FISA Court, all of which were approved. We found that while the number of business records orders obtained by the FBI increased significantly between 2007 and 2012 - an increase that was largely driven by the refusal of several communications providers to produce electronic transactional records in response to FBI National Security Letters — the number of Section 215 orders peaked in 2012 with 212 orders and has declined annually since that time. We further found the orders were used far more frequently in counterintelligence cases than as a counterterrorism or cyber tool.
Our report also analyzes the timeliness of the Section 215 process, both generally and at each stage of the approval process. We found that the median time needed to obtain business records orders during our review period, from initiation of a request by a field office until issuance of the order by the FISA Court, was 115 days. Agents described the process to us as lengthy and said the delay in obtaining orders often had a negative impact on their investigations, a point emphasized in particular by agents who conduct cyber investigations. However, agents also told us consistently that Section 215 orders continued to be a valuable investigative tool. As with our previous reviews, the majority of agents we interviewed did not identify any major case developments that resulted from use of the records obtained in response to the orders, but told us that the material produced was valuable as a building block of their investigations. In at least two cases, agents we interviewed told us that the records obtained in their investigation provided valuable information that they would not otherwise have been able to obtain. In other instances, case agents told us that they used the information obtained under Section 215 to exculpate a subject and close the investigation.
The report released today also examines three compliance incidents that affected numerous business records orders between 2012 and 2014. These incidents included the systemic overproduction of full and partial e-mail subject lines by two providers, a system-wide error in an FBI database, and a third incident the details of which remain mostly classified.
The report also examines the progress the DOJ and FBI have made addressing three recommendations in the OIG's March 2008 and May 2015 reports concerning minimization procedures for information obtained under Section 215 authority. In the 2008 report, we recommended that the DOJ implement final minimization procedures, develop procedures for reviewing materials received in response to business records orders to identify overproduced information, and develop procedures for handling overproductions. In our May 2015 report, we recognized that the DOJ had adopted final procedures implementing the OIG's recommendations, but we also identified several terms used in the procedures that we believed required clarification. Based on the information obtained during this current review, we concluded that the DOJ and the FBI made these clarifications and we therefore have closed the recommendations.
The report released today makes one new recommendation: based upon the concerns expressed by agents about the time needed to obtain Section 215 orders, we recommend that the FBI and the DOJ continue to pursue ways to make the business records process more efficient, particularly for applications related to cyber cases. The FBI and the DOJ agree with this recommendation.
The report released today, which contains redactions of information that the FBI and the Intelligence Community determined to be classified, is available on the OIG's website at the following link: https://oig.justice.gov/reports/2016/o1604.pdf.